Search the Community

Showing results for tags 'application'.



Found 66 results

  1. 1 download

    Intro To Bug Bounty Hunting And Web Application Hacking. What you'll learn: Learn 10+ different vulnerability types; ability to exploit basic web application vulnerabilities; basics of reconnaissance; how to approach a target; understand how bug bounties work; write better bug bounty reports. Includes practical hands-on labs to practice your skills. Link: download. Free for users PRIV8.

    $100.00 PRIV8

  2. View File: Intro To Bug Bounty Hunting And Web Application Hacking [3GB]. Intro To Bug Bounty Hunting And Web Application Hacking. What you'll learn: Learn 10+ different vulnerability types; ability to exploit basic web application vulnerabilities; basics of reconnaissance; how to approach a target; understand how bug bounties work; write better bug bounty reports. Includes practical hands-on labs to practice your skills. Link: download. Free for users PRIV8. Submitter: dEEpEst. Submitted: 28/11/21. Category: Libro Online. Password: ********
  3. IPTVnator is a video player application that provides support for the playback of IPTV playlists (m3u, m3u8). The application allows importing playlists by using remote URLs or by file upload from the file system. Additionally, there is support for XMLTV-based EPG information, which can be provided by URL. The application is a cross-platform and open source project based on Electron and Angular. Features: M3u and M3u8 playlists support; upload playlists from a file system; add remote playlists via URL; playlists auto-update feature; open playlist from the file system; search for channels; EPG support (TV Guide) with detailed info; TV archive/catchup/timeshift; group-based channels list; save channels as favorites; HTML video player with hls.js support or Video.js based player; internationalization, currently 3 languages are supported (en, ru, de); set custom "User Agent" header for a playlist; light and dark theme. 0.9.0 (2021-10-14): reorder playlists. Bug Fixes: search feature should not affect favorites list (ef52f77), closes #71. Features: add Chinese translation (a497f05); global subtitle display setting (4d2e175); rearrange the display order of playlists (757c739), closes #77.
  4. WARF: Web Application Reconnaissance Framework. WARF is a recon framework for web applications. It comprises different tools to perform information gathering on the target, such as subdomain enumeration, directory brute force, and gathering all sorts of endpoints like Wayback URLs, JS URLs, endpoints from JS files, API/secret keys, etc. WARF is highly customizable and allows you to perform a full scan or individual scans on the target. It accumulates the results and shows them in a powerful DataTable through which you can narrow down your searches. WARF also gives you the option to add and save targets individually and perform different scans on them. With a Dashboard, you will quickly get the metrics of your activity. WARF confines all your targets together and provides you with a clean and efficient way to search them by name. Main Features: Subdomain Enumeration; Directory BruteForce; Gather Wayback URLs; Gather JavaScript URLs; Extract links from JS files; Extract API/Secret Keys from JS files; Supports Background Scan.
  5. What is pFuzz? pFuzz is a tool developed in the Python language to have advanced fuzzing capability in web application research. Since the application has a modular structure, it has the ability to quickly add newly found / to-be-found WAF bypassing methods to pFuzz and test them on all other WAFs. In addition to a modular structure, multi-threading, multi-processing, and queue structures have been used to make the tool more flexible, and the infrastructure has been created for future developments. The tool is programmed so that a given request can be parsed and easily changed over an object. Thanks to this structure, those who will develop the application will be able to contribute easily and develop the tool in line with their own needs without changing the core structure of the application and without having to learn it. What WAFs did we bypass? FortiWeb, Cloudflare, Sucuri, Akamai, Imperva, F5 WAF.
  6. Description: Are you a beginner and looking to break into the AppSec field? Don’t know where to start your Application Security journey? Curious to know what it takes to get started with Bug Bounties? Then, this course is a great start for you. This practical web application penetration testing course is suitable for beginners and it covers a wide range of common web application attacks. Once you get the foundations right, you can build your skills on your own from there. This entry level web security course also provides a custom web application developed in Java specifically for this course. In addition to it, the course also covers some challenges in a publicly available vulnerable web application. The course provides necessary background details to the concepts wherever necessary. Following are some of the topics covered in this course: Web Application Architecture; HTTP Requests and Responses; SQL Injection – Authentication Bypass; Manually Exploiting Error Based SQL Injection; SQLMap for exploiting SQL Injection; Cross Site Scripting – Reflected, Stored and DOM Based; Cross Site Request Forgery; Broken Cryptography; Access Control Issues; Arbitrary File Uploads; XPATH Injection; XML External Entity (XXE) Injection; Java Deserialization; Command Execution via Security Misconfigurations; Command Execution via outdated software. You will learn the following for most vulnerabilities discussed in the course: identifying a vulnerability; how to exploit an identified vulnerability; how to prevent the discussed vulnerability. NOTE: This course is being updated and new content will be uploaded until all the advertised modules are covered. Who this course is for: Bug bounty hunters; Penetration testers; Security Auditors; Red Team Operators; Web Application Developers; Anyone interested in security. Requirements: A computer with administrative access, if you want to follow the hands-on exercises. Good to have knowledge of any one programming language.
Last Updated 8/2021
  7. Description: This course will introduce Burp Suite and demonstrate the common modules and tools used by web application hackers to find and exploit vulnerabilities. This course provides practical examples through the PortSwigger labs and DVWA to help solidify the concepts and give you the opportunity to exploit systems. This course focuses on using Burp Suite to attack web applications. We will primarily use the community version, as it is free and accessible, and provides the important functionality required to start attacking systems. I've provided links to all of the resources used in the video, so you can follow along and practice your skills with the videos! Requirements: Basic knowledge of HTTP protocols and communications; basic knowledge of web applications. Who this course is for: IT security engineers; students looking to learn IT security; Ethical Hackers and Penetration Testers; Bug Bounty hunters targeting web applications.
  8. jSQL Injection is a lightweight application used to find database information from a distant server. It is free, open-source, and cross-platform (Windows, Linux, Mac OS X). It is also part of the official penetration testing distribution Kali Linux and is included in other distributions like Pentest Box, Parrot Security OS, ArchStrike, or BlackArch Linux. This software is developed using great open-source libraries like Spring, Spock, and Hibernate, and it uses the platform Travis CI for continuous integration. Each program update is tested with Java version 8 through 13 in the cloud, against various MySQL, PostgreSQL, and H2 databases. Source code is open to pull requests and to any contribution on multi-threading, devops, unit and integration tests, and optimization. Features: Automatic injection of 23 kinds of databases: Access, CockroachDB, CUBRID, DB2, Derby, Firebird, H2, Hana, HSQLDB, Informix, Ingres, MaxDB, Mckoi, MySQL{MariaDb}, Neo4j, NuoDB, Oracle, PostgreSQL, SQLite, SQL Server, Sybase, Teradata and Vertica; multiple injection strategies: Normal, Error, Blind and Time; SQL Engine to study and optimize SQL expressions; injection of multiple targets; search for administration pages; creation and visualization of Web shell and SQL shell; read and write files on the host using injection; bruteforce of password’s hash; code and decode a string. Changelog jSQL Injection v0.85: Compliance to Java 17; switch to native HttpClient.
  9. Android Phishing Application. Terms of Use: - This project is for educational purposes only. - The developer of this application is not responsible for any bad usage.
  10. Master Top Techniques Used by Hackers, Get Hands-on Practical Exercises to "Know the Enemy" and Secure Your Apps. What you'll learn: Web Security Fundamentals; OWASP Top 10 Hacking Techniques; Cyber Security; Penetration Testing; Bug Bounty; Application Security; SQL injection; Cross-site Scripting XSS; Cross-site Request Forgery CSRF; Sensitive Data Exposure; Weak Authentication. Requirements: Basic networking concepts. Description: *** Continuously Updated *** Welcome to "Ultimate Guide to Web Application Security OWASP Top Attacks". In this course, we will explore together the most common attacks against web applications, referred to as OWASP TOP 10, and learn how to exploit these vulnerabilities so that you have a solid background in order to protect your assets. You will: - Discover OWASP Top attacks and how they are performed and the tricks and techniques related to them. - Do extensive exercises on DVWA (Damn Vulnerable Web Application) and OWASP BWA (Broken Web Applications) to see in actual practice how to attack live systems and what goes on behind the scenes. - Learn to get information about a target domain and search for potential victims. - See the tools most used by hackers of all levels grouped in one place; the Kali Linux distribution. - Code some of your own scripts to get you started with advanced penetration where you will need to forge your own tools. DISCLAIMER: This course is for educational purposes only. Use at your own risk. You must have an explicit authorization to use these techniques and similar ones on assets not owned by you. The author holds no legal responsibility whatsoever for any unlawful usage leveraging the techniques and methods described in this course. If you like the course, please give a rating and recommend to your friends. Who this course is for: IT Security practitioner; Developer; Network Engineer; Network Security Specialist; Cyber Security Manager; Penetration Tester.
  11. What you'll learn: Learn how Burp Suite is used in web application hacking; learn how to find and exploit common vulnerabilities with Burp; learn how Burp Suite can help automate attacks; follow along with practical examples through vulnerable labs; hands-on examples. Requirements: Basic knowledge of HTTP protocols and communications; basic knowledge of web applications. Description: This course will introduce Burp Suite and demonstrate the common modules and tools used by web application hackers to find and exploit vulnerabilities. This course provides practical examples through the PortSwigger labs and DVWA to help solidify the concepts and give you the opportunity to exploit systems. This course focuses on using Burp Suite to attack web applications. We will primarily use the community version, as it is free and accessible, and provides the important functionality required to start attacking systems. I've provided links to all of the resources used in the video, so you can follow along and practice your skills with the videos! Who this course is for: IT security engineers; students looking to learn IT security; Ethical Hackers and Penetration Testers; Bug Bounty hunters targeting web applications.
  12. What you'll learn: Web Security Fundamentals; OWASP Top 10 Hacking Techniques; Cyber Security; Penetration Testing; Bug Bounty; Application Security; SQL injection; Cross-site Scripting XSS; Cross-site Request Forgery CSRF; Sensitive Data Exposure; Weak Authentication. Requirements: Basic networking concepts. Description: *** Continuously Updated *** Welcome to "Ultimate Guide to Web Application Security OWASP Top Attacks". In this course, we will explore together the most common attacks against web applications, referred to as OWASP TOP 10, and learn how to exploit these vulnerabilities so that you have a solid background in order to protect your assets. You will: - Discover OWASP Top attacks and how they are performed and the tricks and techniques related to them. - Do extensive exercises on DVWA (Damn Vulnerable Web Application) and OWASP BWA (Broken Web Applications) to see in actual practice how to attack live systems and what goes on behind the scenes. - Learn to get information about a target domain and search for potential victims. - See the tools most used by hackers of all levels grouped in one place; the Kali Linux distribution. - Code some of your scripts to get you started with advanced penetration where you will need to forge your own tools. DISCLAIMER: This course is for educational purposes only. Use at your own risk. You must have an explicit authorization to use these techniques and similar ones on assets not owned by you. The author holds no legal responsibility whatsoever for any unlawful usage leveraging the techniques and methods described in this course. If you like the course, please give a rating and recommend to your friends. *** Update 02/23/2021 ***: A dedicated section to OWASP project and Top 10 list. Who this course is for: IT Security practitioner; Developer; Network Engineer; Network Security Specialist; Cyber Security Manager; Penetration Tester.
  13. Raptor is a web application firewall made in C that uses DFA to block SQL injection, cross-site scripting, and path traversal. Why is this tool made in the C language? C has a high delay time for writing and debugging, but no pain, no gain: it has fast performance. In addition to this point, the C language runs on any architecture, like MIPS, ARM, and others… Other benefits of C: it has a good and high profile for writing optimizations; if you think of writing some lines in assembly code with AES-NI or SIMD instructions, I think it is a good choice. Why do you not use OOP? In this project I follow the “KISS” principle: [Hidden Content] It Simple. The C language has a lot of old school dudes, like kernel hackers… Raptor is very simple and has three layers: reverse proxy, blacklist, and match (using a deterministic finite automaton). The proxy uses the select() function to check multiple sockets; in the future it will change to use libevent (signal based is very fast). If someone sends a request, Raptor does address analysis… Address blacklisted? Block! If the deterministic finite automaton and the blacklist don’t match, Raptor doesn’t block. Raptor gets a request with the GET or POST method and makes some analysis to find dirt like SQL injection, cross-site scripting… External match string mode: • In the config directory there is a file of lists of rules • You can match the string with different algorithms • You can choose with the argument --match or -m • Choose one option between Rabin-Karp, DFA, or Boyer-Moore-Horspool. Changelog v0.6.2: Patch fix to the improving documentation. To run: $ git clone [Hidden Content] $ cd raptor_waf; make; bin/raptor (don’t execute with “cd bin; ./raptor”; use the path “bin/raptor”). Look at the details: [Hidden Content]
  14. Description: Welcome to the “Android Development and Android Application Hacking” course. In this course, you will learn Android development and Android hacking at the same time. Do you want to improve your career options by learning Android app development? Do you want to learn Android development from scratch? Do you want to be an Android Studio master? Do you want to build your first app? Do you care about the security of your application? If your answer is “yes” to these questions and if you want more, you are at the right place! You will learn Android development step-by-step with hands-on demonstrations. In this course, we will learn to build and publish 2 major apps. During the lectures, we will also be practicing with more than 10 examples. Also, Android is the world’s most popular mobile operating system and as a result there are potentially millions of smartphone users at risk of data theft and other cyber attacks. That’s why in this course, we also focused on Android hacking. Mobile phones, tablets, computers and more have become an essential part of our daily life. People using the phones could be hit by bugs that are distributed widely and can be exploited by hackers relatively easily. These devices store critical information that needs to be protected from those who want to access it without our knowledge, such as our contact list, passwords, emails etc. This is where the importance of the mobile phone’s security comes into play. This course is for all levels. We will take you from beginner to advanced level. You will learn step-by-step with hands-on demonstrations.
At the end of the course you will learn: Learn Android App Development step by step; Learn Java; Android Studio; Gradle Build System; Android Components; Learn Publishing Android App on Google Play; Learn Releasing Android App; Become a professional Android App developer; Android Software Stack; Android Run time (ART); Analysis of APK file Structure in Android Studio; Android’s Security Model; Application Sandboxing; Permissions and SELinux; Connect Emulator or real device and Kali; Rooting Basics; Reverse Engineering an APK file; Information Gathering; Repackaging and Resigning an APK; Static Analysis with MobSF; Root Detection; Obfuscation Techniques; OWASP Mobile Top 10 Vulnerabilities; Android Pentesting on vulnerable mobile apps. Enroll now, start your own App business and work from anywhere in the World. No prior knowledge is needed! It doesn’t need any prior knowledge. Why would you want to take this course? Our answer is simple: The quality of teaching. When you enroll, you will feel the OAK Academy’s seasoned instructors’ expertise. Fresh Content: It’s no secret how technology is advancing at a rapid rate. New tools are released every day, Google updates Android and it’s crucial to stay on top of the latest knowledge. With this course, you will always have a chance to follow the latest trends. Video and Audio Production Quality: All our contents are created/produced as high-quality video/audio to provide you the best learning experience. You will be: seeing clearly; hearing clearly; moving through the course without distractions. You’ll also get: Lifetime Access to The Course; Fast & Friendly Support in the Q&A section; Udemy Certificate of Completion Ready for Download. Dive in now! We offer full support, answering any questions.
Who this course is for: A total beginner, with a curious mind, who wants to be an app developer; anyone who wants to become an Android Developer; anyone who has no previous coding experience but wants to become expert; penetration testers who want to do a penetration test against Android mobile phones; application developers who want to write secure mobile applications; anyone who wants to protect themselves against mobile attacks. Requirements: No prior knowledge is required! No programming knowledge required! 4 GB (Gigabytes) of RAM or higher (8 GB recommended); 64-bit system processor is mandatory; 10 GB or more disk space; enable virtualization technology on BIOS settings, such as “Intel-VTx”; desire to learn Android Application Development, understand hacker tools and techniques; all items referenced in this course are free; a strong work ethic, willingness to learn and plenty of excitement about the back door of the digital world. Don’t worry. Setup and installation instructions are included for each platform. Nothing else! It’s just you, your computer and your ambition to get started today.
  15. Ethical Hacking for Complete Beginners. What you’ll learn: In this course, you will learn some of the most common Web Application Vulnerabilities and how to submit them to Bug Bounty Programs, all while building a strong foundation for furthering your education. Requirements: There are no prerequisites for this course! All you need is a computer and an internet connection. Description: In this course, we will cover all that is required for you to begin your Bug Bounty career! We will set up your working environment and learn how to do recon on the target application. Some of the vulnerabilities that are covered include: URL manipulation, IDORs, Business Logic Errors, SQL injection, XSS and more! No prior experience is necessary. I have designed this course knowing that there will be many students who want to learn bug bounty hunting, who do not have any knowledge of programming or programming languages. Therefore, this course was developed in such a way that you do not need to possess any coding skills. (However, in a separate intermediate level course, it will be advantageous that you have some basic programming skills in order to follow along.) I will walk you through finding programs that you are interested in researching and help you understand what vulnerabilities are permitted on the application, as well as which ones are labeled as out of scope. I update this course regularly and respond to questions as soon as I can. I encourage my students to ask questions when you don’t understand a concept. Please let me know if a video is out of date or the instruction is not clear so I can update the videos and make this the best possible learning experience for you! Who this course is for: This course is for beginner students interested in Bug Bounty Hunting & Web Application Testing.
  16. APKiD gives you information about how an APK was made. It identifies many compilers, packers, obfuscators, and other weird stuff. It’s PEiD for Android.
  17. Ghidra is free and open-source software for reverse engineering of executable programs (binaries), including mobile apps. Ghidra supports installation on multiple OS platforms, including Windows, Linux and macOS.
  18. jSQL Injection is a lightweight application used to find database information from a distant server. It is free, open-source, and cross-platform (Windows, Linux, Mac OS X). It is also part of the official penetration testing distribution Kali Linux and is included in other distributions like Pentest Box, Parrot Security OS, ArchStrike, or BlackArch Linux. This software is developed using great open-source libraries like Spring, Spock, and Hibernate, and it uses the platform Travis CI for continuous integration. Each program update is tested with Java version 8 through 13 in the cloud, against various MySQL, PostgreSQL, and H2 databases. Source code is open to pull requests and to any contribution on multi-threading, devops, unit and integration tests, and optimization. Features: Automatic injection of 23 kinds of databases: Access, CockroachDB, CUBRID, DB2, Derby, Firebird, H2, Hana, HSQLDB, Informix, Ingres, MaxDB, Mckoi, MySQL{MariaDb}, Neo4j, NuoDB, Oracle, PostgreSQL, SQLite, SQL Server, Sybase, Teradata and Vertica; multiple injection strategies: Normal, Error, Blind and Time; SQL Engine to study and optimize SQL expressions; injection of multiple targets; search for administration pages; creation and visualization of Web shell and SQL shell; read and write files on the host using injection; bruteforce of password’s hash; code and decode a string. Changelog jSQL Injection v0.83: Various new preferences like thread control, User-agent, Zip, and Dios modes; add 11 database engines: a total of 34 engines; multi modules for continuous integration; fingerprint, stability, and more.
  19. Features: Over 15 integrated messaging and calling APIs included with JSON; unlimited (with abuse protection) and super-fast bombing with multithreading; possibility of international API support (APIs are offline); flexible with addition of newer APIs with the help of JSON documents; actively supported by the developers with frequent updates and bug-fixes; intuitive auto-update feature and notification fetch feature included; recently made free and open-source for community contributions; modular codebase and snippets can be easily embedded in other programs. Note: Deprecation Warning: All TBomb versions below v2.0 will no longer work after 14-11-2020. All TBomb users need to update to v2.0 ASAP. Due to overuse of the script, a bunch of APIs have been taken offline. It is okay if you do not receive all the messages. The application requires an active internet connection to contact the APIs. You would not be charged for any SMS/calls dispatched as a consequence of this script. For best performance, use a single thread with considerable delay time. Always ensure that you are using the latest version of TBomb and have Python 3. This application must not be used to cause harm/discomfort/trouble to others. By using this, you agree that you cannot hold the contributors responsible for any misuse.
  20. Why would you use Scant3r? Scant3r scans all URLs with multiple HTTP methods and tries to look for bugs with basic exploits such as XSS, SQLI, RCE, CRLF and SSTI from headers and URL parameters. By chaining waybackurls or gau with Scant3r you will have more time to look into functions and get easy bugs on the way :) OS Support: Linux, Android, Windows.
  21. APKiD gives you information about how an APK was made. It identifies many compilers, packers, obfuscators, and other weird stuff. It's PEiD for Android. Changelog v2.1.1: Fixed bug with `--output-dir` not working with absolute paths within docker container (#171) – thanks @iantruslove; reduce docker layers and sizes – thanks @superpoussin22; add scan_file_obj API; fixed some error handling; add --include-types option; fix rule identifier counting; improve rule hash stability; improve file type detection for ELFs; if using filename for typing, consider .jar files as zips. For the rules: Beefed up DexGuard detection; correct dexlib1 detection; add AppSuit detection – thanks @enovella; add SafeEngine detection – thanks @horsicq; several other fixes and improvements.
  22. Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters. Web Application Security Recon Automation Framework: it takes user input as a domain name and maximizes the attack surface area by listing the assets of the domain, like: subdomains from Amass, findomain, subfinder & resolvable subdomains using shuffledns; screenshots; port scan; JS files; Httpx status codes of subdomains; Dirsearch file/dir paths by fuzzing.
  23. A web application that makes it easy to run your pentest and bug bounty projects. Description: The app provides a convenient web interface for working with various types of files that are used during the pentest, and automates port scans and subdomain search.
  24. OWASP Mutillidae II is a free, open source, deliberately vulnerable web application providing a target for the web-security enthusiast. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMPP. It is pre-installed on SamuraiWTF and OWASP BWA. The existing version can be updated on these platforms. With dozens of vulnerabilities and hints to help the user, this is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, corporate web sec training courses, and as an “assess the assessor” target for vulnerability assessment software. Features: Has over 40 vulnerabilities and challenges; contains at least one vulnerability for each of the OWASP Top Ten 2007, 2010 and 2013; actually vulnerable (user not asked to enter “magic” statement); Mutillidae can be installed on Linux, Windows XP, and Windows 7 using XAMPP, making it easy for users who do not want to install or administrate their own web server; Mutillidae is confirmed to work on XAMPP, WAMP, and LAMP; installs easily by dropping project files into the “htdocs” folder of XAMPP;
will attempt to detect if the MySQL database is available for the user; preinstalled on Rapid7 Metasploitable 2, Samurai Web Testing Framework (WTF), and OWASP Broken Web Apps (BWA); contains 2 levels of hints to help users get started; includes bubble-hints to help point out vulnerable locations; bubble-hints automatically give more information as hint level is incremented; system can be restored to default with a single click of the “Setup” button; user can switch between secure and insecure modes; secure and insecure source code for each page stored in the same PHP file for easy comparison; provides data capture page and stores captured data in database and file; allows SSL to be enforced in order to practice SSL stripping; used in graduate security courses, in corporate web sec training courses, and as an “assess the assessor” target for vulnerability software; Mutillidae has been tested/attacked with Cenzic Hailstorm ARC, W3AF, SQLMAP, Samurai WTF, Backtrack, HP Web Inspect, Burp-Suite, NetSparker Community Edition, and other tools; instructional videos: [Hidden Content]; updates tweeted to @webpwnized; updated frequently; project whitepaper. Changelog v2.7.11: New CSP page; user-interface updates; bug-fixes.
  25. Raptor is a web application firewall made in C that uses DFA to block SQL injection, cross-site scripting, and path traversal. Why is this tool made in the C language? C has a high delay time for writing and debugging, but no pain, no gain: it has fast performance. In addition to this point, the C language runs on any architecture, like MIPS, ARM, and others… Other benefits of C: it has a good and high profile for writing optimizations; if you think of writing some lines in assembly code with AES-NI or SIMD instructions, I think it is a good choice. Why do you not use OOP? In this project I follow the “KISS” principle: [Hidden Content] It Simple. The C language has a lot of old school dudes, like kernel hackers… Changelog v0.6.1: Fix memory error handler.