Jump to content
YOUR-AD-HERE
HOSTING
TOOLS
SERVICE

Search the Community

Showing results for tags 'scanner'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Staff Control
    • Staff Announcements
  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Pentesting Zone
    • Pentesting Accounts
    • Reverse Engineering
  • Security & Anonymity
    • Security
    • Wireless Security
    • Web Security
    • Anonymity
  • Operating Systems | Hardware | Programs
    • Operating systems
    • Hardware
    • PC programs
    • iOS
    • Android
  • Graphic Design
    • Graphic Design
  • vBCms Comments
  • live stream tv
    • live stream tv
  • Marketplace
    • Sell
    • Services
    • Request
  • Pentesting Premium
    • Pentesting Accounts
  • Modders Section
    • Source Codes
    • Manuals | Videos
    • Tools
    • Others
  • PRIV8-Section
    • Exploits
    • Accounts|Dumps
    • Crypter|Binder|Bots
    • Tutorials|Videos
    • Cracked Tools
    • Make Money
    • More Tools
    • Databeses
    • Ebooks
  • Pentesting Zone PRIV8
    • Pentesting Accounts
    • Reverse Engineering
    • Cracker Preview Area
  • Carding Zone PRIV8
    • Carding
    • Phishing
    • Defacing
    • Doxing
    • Special User Premium Preview Area
  • Recycle Bin
    • Recycle
  • Null3D's Nulled Group

Product Groups

  • PRIV8
  • Advertising
  • Access Basic
  • Seller
  • Services

Categories

  • Files
  • Online Book
  • Services

Categories

  • Hacking

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me

  1. Introduce xray is an excellent web vulnerability scanning tool, But only the command line version, Start via config.yaml file. In many cases, it is difficult to get started, and a GUI tool is needed to help newcomers use it faster. This tool is just a simple command line wrapper, not a direct method call. In the planning of xray, there will be a truly perfect GUI version of XrayPro tool in the future. Please look forward to it. [Hidden Content] [hide][Hidden Content]]
  2. Malware Scanner will help you to scan your website with one simple click. It can find both known and unknown viruses, shells, malware, malicious code infections and other website threats. [Hidden Content] [hide][Hidden Content]]
  3. This tool is very helpful for finding vulnerabilities present in Web Applications. A web application scanner explores a web application by crawling through its web pages and examines it for security vulnerabilities, which involves the generation of malicious inputs and evaluation of the application’s responses. These scanners are automated tools that scan web applications to look for security vulnerabilities. They test web applications for common security problems such as cross-site scripting (XSS), SQL injection, and cross-site request forgery (CSRF). This scanner uses different tools like nmap, dnswalk, dnsrecon, dnsenum, dnsmap, etc in order to scan ports, sites, hosts, and networks to find vulnerabilities like OpenSSL CCS Injection, Slowloris, Denial of Service, etc. [Hidden Content]
  4. Anti Spy has been developed to scan Android devices for potential spies effectively. Thanks to artificial intelligence, real-time signature updates, and heuristic detection methods, users are proactively protected against spyware and dangerous stalkerware. Antispyware Scanner Anti Spy is based on the intelligent Deep Detective™ technologies that protect hundreds of thousands of our users every day against hackers and targeted espionage attacks. The intelligent algorithms detect fraudulent elements like HiddenAds, FakeApps, Adware, LeadBolt, Sms-Thief, Backdoors, Rooting, Sms-Fraud, Key Logger, Exploits, BankBots, Anubis, AgentSmith, SMSReg, FinSpy, Ransomware, LokiBot, Banker, Sms Sender, AirPush, Root Exploits, etc. Whether foreign spies, hackers, spouse, friend, boss or a colleague, with just one click on the “SCAN” button, potential spy apps, and hidden spyware processes are detected. In only a few milliseconds, Anti Spy compares all process and app signatures with many thousands of anti-espionage algorithms. Intelligent protection against espionage and against (un) known spyware Protectstar™ Anti Spy detects not only known spy apps like mSpy, FinSpy, and many more, but also Spy-, SMS-, and GPS trackers, as well as monitoring apps often used by governments or law enforcement agencies in some countries. The artificial intelligence engine monitors the behavior of apps and processes. Any opportunity to spy on you using spyware, stalkers, trojans and other malware are proactively prevented. Thanks to the real-time scanner and heuristic scanning methods, even unknown spy headers are reported. An ideal combination Protectstar™ Anti Spy is perfect for use in combination with existing security solutions such as antivirus scanners and is suitable for excellent privacy protection in conjunction with Camera Guard™ and Micro Guard™. Guarantee from Protectstar™ Protectstar™ Anti Spy does not collect any personal data of the user on any medium. The app is also ad-free. Like all our apps! Features: + Free protection against espionage apps + Engine based on artificial intelligence with heuristic search methods + Anti Malware features: Detects spyware and various types of malware + Detection of known spy apps such as mSpy, FinSpy, FlexiSpy, Highster Mobile, Spy Phone, and many more that are often used by governments or law enforcement agencies. + Detects fraudulent elements like HiddenAds, FakeApps, Sms-Thief, Rooting, Sms-Fraud, Fake Installer, Exploits, BankBots, Anubis, AgentSmith, Ransomware, Banker, etc. + Detection of spies, SMS, and GPS trackers as well as monitoring apps. + It also detects hidden and disabled spies + Whitelist: Adding trusted apps to the exception list Regular updates + No root rights required Features of the optional PRO edition: + Realtime Protection + Priority updates of new algorithms every 30 minutes + Set up an automatic background scan at specific days and times + Enhanced heuristic anti-spy engine to detect more unknown spy apps What’s New: + Improvements for MY.PROTECTSTAR + Minor improvements Mod Info: Pro / Paid features unlocked; Disabled / Removed unwanted Permissions + Receivers + Providers + Services; Optimized and zipaligned graphics and cleaned resources for fast load; Ads Permissions / Services / Providers removed from Android.manifest; Ads links removed and invokes methods nullified; Ads layouts visibility disabled; Google Play Store install package check disabled; Debug code removed; Remove default .source tags name of the corresponding java files; Analytics / Crashlytics / Firebase disabled; Improved dark theme; Disabled startup splash; Remove promo apps of scan result; Disabled Support tab in settings; AOSP compatible mode; Languages: Full Multi Languages; CPUs: universal architecture; Screen DPIs: 160dpi, 240dpi, 320dpi, 480dpi, 640dpi; Original package signature changed; Release by Balatan. [Hidden Content] [hide][Hidden Content]]
  5. Malware Scanner will help you to scan your website with one simple click. It can find both known and unknown viruses, shells, malware, malicious code infections and other website threats. [Hidden Content] [hide][Hidden Content]]
  6. Introduce xray is an excellent web vulnerability scanning tool, But only the command line version, Start via config.yaml file. In many cases, it is difficult to get started, and a GUI tool is needed to help newcomers use it faster. This tool is just a simple command line wrapper, not a direct method call. In the planning of xray, there will be a truly perfect GUI version of XrayPro tool in the future. Please look forward to it. Fast command line web scanner, read the docs. -zen [Hidden Content] [Hidden Content]
  7. Wapiti works as a “black-box” vulnerability scanner, that means it won’t study the source code of web applications but will work like a fuzzer, scanning the pages of the deployed web application, extracting links and forms and attacking the scripts, sending payloads and looking for error messages, special strings or abnormal behaviors. General features Generates vulnerability reports in various formats (HTML, XML, JSON, TXT…). Can suspend and resume a scan or an attack (session mechanism using sqlite3 databases). Can give you colors in the terminal to highlight vulnerabilities. Different levels of verbosity. Fast and easy way to activate/deactivate attack modules. Adding a payload can be as easy as adding a line to a text file. Browsing features Support HTTP, HTTPS, and SOCKS5 proxies. Authentication on the target via several methods: Basic, Digest, Kerberos or NTLM. Ability to restrain the scope of the scan (domain, folder, page, url). Automatic removal of one or more parameters in URLs. Multiple safeguards against scan endless-loops (for example, limit of values for a parameter). Possibility to set the first URLs to explore (even if not in scope). Can exclude some URLs of the scan and attacks (eg: logout URL). Import of cookies (get them with the wapiti-getcookie tool). Can activate / deactivate SSL certificates verification. Extract URLs from Flash SWF files. Try to extract URLs from javascript (very basic JS interpreter). HTML5 aware (understand recent HTML tags). Several options to control the crawler behavior and limits. Skipping some parameter names during attack. Setting a maximum time for the scan process. Adding some custom HTTP headers or setting a custom User-Agent. Supported attacks Database Injection (PHP/ASP/JSP SQL Injections and XPath Injections) Cross Site Scripting (XSS) reflected and permanent File disclosure detection (local and remote include, require, fopen, readfile…) Command Execution detection (eval(), system(), passtru()…) XXE (Xml eXternal Entity) injection CRLF Injection Search for potentially dangerous files on the server (thank to the Nikto db) Bypass of weak htaccess configurations Search for copies (backup) of scripts on the server Shellshock DirBuster like Wapiti supports both GET and POST HTTP methods for attacks. It also supports multipart and can inject payloads in filenames (upload). Display a warning when an anomaly is found (for example 500 errors and timeouts) Makes the difference between permanent and reflected XSS vulnerabilities. Module names The aforementioned attacks are tied to the following module names : backup (Search for copies and scripts) blindsql (SQL injection vulnerabilities detected with time-based methodology) buster (DirBuster like a module) crlf (CR-LF injection in HTTP headers) delay (Not an attack module, prints the 10 slowest to load web pages of the target) exec (Code execution or command injection) file (Path traversal, file inclusion, and XXE) htaccess (Misconfigured htaccess restrictions) nikto (Look for known vulnerabilities by testing URL existence and checking responses) permanent XSS (Rescan the whole target after the xss module execution looking for previously tainted payloads) shellshock (Test Shellshock attack, see [Hidden Content] ) sql (Error-based SQL injection detection) xss (XSS injection module) Changelog v3.1.5 LFI: adds a payload for loknop technique (chaining PHP filters) mod_cookie: Fix bad WSTG code for bad cookie attribute Core: use proxy settings for updating Core: fix creds options Core: update most dependencies [hide][Hidden Content]]
  8. Features Easy to Use Import a single CNA script before generating shellcode. Dynamic Memory Encryption Creates a new heap for any allocations from Beacon and encrypts entries before sleep. Code Obfuscation and Encryption Changes the memory containing CS executable code to non-executable and encrypts it (FOLIAGE). Return Address Spoofing at Execution Certain WinAPI calls are executed with a spoofed return address (InternetConnectA, NtWaitForSingleObject, RtlAllocateHeap). Sleep Without Sleep Delayed execution using WaitForSingleObjectEx. RC4 Encryption All encryption performed with SystemFunction032. [hide][Hidden Content]]
  9. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. For more information regarding Sn1per Professional, go to [Hidden Content]. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v9.1 – Fixed issue with dirsearch installation/command syntax update v9.1 – Updated Nuclei sc0pe templates v9.1 – Fixed issue with Nuclei sc0pe parsers not working v9.1 – Fixed issue with GAU installer/commmand not working v9.1 – Fixed issue with passive URL fetching v9.1 – Fixed issue with nuclei not being installed v9.1 – Removed error in hackertarget URL fetching v9.1 – Added dnsutils to installer to fix missing deps v9.1 – Fixed issue with gau in webscan modes not running v9.1 – Updated subfinder to latest version v9.1 – Added new email spoofing security checks to OSINT mode (-o) v9.1 – Removed spoofcheck.py v9.1 – Updated timeout settings for curl which was causing sockets/scans to hang v9.1 – Fixed issue with Nuclei symlink missing in installer v9.1 – Fixed issue with Nuclei sc0pe parser not parsing results correctly v9.1 – Fixed issue with Dirsearch not running due to invalid command settings v9.1 – Fixed issue with Nuclei templates not being installed v9.1 – Fixed issue with enum4linux command not being installed v9.1 – Fixed HackerTarget API integration v9.1 – Fixed issue with ping command not being installed v9.1 – Fixed issue with carriage returns in conf v9.1 – Fixed issue with DNS resolution in ‘discover’ mode scans causing duplicate hosts v9.1 – Fixed issue with bruteforce running automatically due to changes in conf file v9.1 – Added verbose scan notifications for disabled conf options v9.1 – Updated default aux mode options in default sniper.conf [hide][Hidden Content]]
  10. K7 Scanner for Virus & BOTs comes with scanner Antivirus award-winning run in parallel with any Antivirus software which is currently installed on your PC. Technology Deep Scanning of it helps to remove BOT and Virus at high risk.Scans and remove BOTS, and Ransomware is high risk (including WannaCry). The features of K7 Scanner for Virus & BOTs Scan and remove BOTS, and Ransomware is high risk Run seamless with apps Anti-virus your existing No need to install. Can run from a USB drive. [hide][Hidden Content]]
  11. A position-independent reflective loader for Cobalt Strike. Zero results from Hunt-Sleeping-Beacons, BeaconHunter, BeaconEye, Patriot, Moneta, PE-sieve, or MalMemDetect. Features Easy to Use Import a single CNA script before generating shellcode. Dynamic Memory Encryption Creates a new heap for any allocations from Beacon and encrypts entries before sleep. Code Obfuscation and Encryption Changes the memory containing CS executable code to non-executable and encrypts it (FOLIAGE). Return Address Spoofing at Execution Certain WinAPI calls are executed with a spoofed return address (InternetConnectA, NtWaitForSingleObject, RtlAllocateHeap). Sleep Without Sleep Delayed execution using WaitForSingleObjectEx. RC4 Encryption All encryption is performed with SystemFunction032. Known Issues Not compatible with loaders that rely on the shellcode thread staying alive. [hide][Hidden Content]]
  12. Wapiti works as a “black-box” vulnerability scanner, that means it won’t study the source code of web applications but will work like a fuzzer, scanning the pages of the deployed web application, extracting links and forms and attacking the scripts, sending payloads and looking for error messages, special strings or abnormal behaviors. General features Generates vulnerability reports in various formats (HTML, XML, JSON, TXT…). Can suspend and resume a scan or an attack (session mechanism using sqlite3 databases). Can give you colors in the terminal to highlight vulnerabilities. Different levels of verbosity. Fast and easy way to activate/deactivate attack modules. Adding a payload can be as easy as adding a line to a text file. Browsing features Support HTTP, HTTPS, and SOCKS5 proxies. Authentication on the target via several methods: Basic, Digest, Kerberos or NTLM. Ability to restrain the scope of the scan (domain, folder, page, url). Automatic removal of one or more parameters in URLs. Multiple safeguards against scan endless-loops (for example, limit of values for a parameter). Possibility to set the first URLs to explore (even if not in scope). Can exclude some URLs of the scan and attacks (eg: logout URL). Import of cookies (get them with the wapiti-getcookie tool). Can activate / deactivate SSL certificates verification. Extract URLs from Flash SWF files. Try to extract URLs from javascript (very basic JS interpreter). HTML5 aware (understand recent HTML tags). Several options to control the crawler behavior and limits. Skipping some parameter names during attack. Setting a maximum time for the scan process. Adding some custom HTTP headers or setting a custom User-Agent. Supported attacks Database Injection (PHP/ASP/JSP SQL Injections and XPath Injections) Cross Site Scripting (XSS) reflected and permanent File disclosure detection (local and remote include, require, fopen, readfile…) Command Execution detection (eval(), system(), passtru()…) XXE (Xml eXternal Entity) injection CRLF Injection Search for potentially dangerous files on the server (thank to the Nikto db) Bypass of weak htaccess configurations Search for copies (backup) of scripts on the server Shellshock DirBuster like Wapiti supports both GET and POST HTTP methods for attacks. It also supports multipart and can inject payloads in filenames (upload). Display a warning when an anomaly is found (for example 500 errors and timeouts) Makes the difference between permanent and reflected XSS vulnerabilities. Module names The aforementioned attacks are tied to the following module names : backup (Search for copies and scripts) blindsql (SQL injection vulnerabilities detected with time-based methodology) buster (DirBuster like a module) crlf (CR-LF injection in HTTP headers) delay (Not an attack module, prints the 10 slowest to load web pages of the target) exec (Code execution or command injection) file (Path traversal, file inclusion, and XXE) htaccess (Misconfigured htaccess restrictions) nikto (Look for known vulnerabilities by testing URL existence and checking responses) permanent XSS (Rescan the whole target after the xss module execution looking for previously tainted payloads) shellshock (Test Shellshock attack, see [Hidden Content] ) sql (Error-based SQL injection detection) xss (XSS injection module) Changelog v3.1.4 Crawler: Adds support for Firefox headless (using the new --headless option) Core: improve authentication. You can now pass HTTP auth (basic, ntml, etc) AND login by sending creds to an HTML form Core: remove internationalization [hide][Hidden Content]]
  13. Zero False Positives, Without Affecting Business Each loophole has undergone real experimental evidence, using refined semantic analysis + innovative detection technology to ensure that the loophole is real and effective, to avoid massive misreporting affecting the business judgment, and to save safety resources。 The Xray community is a free white hat tool platform launched by Nagaki Technology. Currently, the community has Xray loophole scanner Radium reptile The tools were created by many experienced safety developers and tens of thousands of community contributors [hide][Hidden Content]]
  14. An advanced command-line tool designed to brute force directories and files in webservers, AKA web path scanner Features Multithreaded Keep-alive connections Support for multiple extensions (-e|–extensions asp,php) Reporting (plain text, JSON) Heuristically detects invalid web pages Recursive brute forcing HTTP proxy support User-agent randomization Batch processing Request delaying Changelog v0.43 Automatically detect the URI scheme (http or https) if no scheme is provided SQLite report format Option to overwrite unwanted extensions with selected extensions Option to view redirects history when following redirects Option to crawl web paths in the responses HTTP traffic is saved inside log file Capability to save progress and resume later Support client certificate Maximum size of the log file via configuration [hide][Hidden Content]]
  15. Avine is an unfinished sql/dorking tool I made in python. A lot of things I never finished because I'm making a csharp version. If anyone is interesting in contributing to avine message me on discord: KillinMachine#2570. There will not be any updates as of now. The vulnerability Does not work. Some engines of the dork parser do work. I just wanted to release this for people to use if they really need something and to learn how it works. Excuse my messy code and some questionable ways I did things. About Avine is a python Dork Parser with a proxy scraper and sql/lfi scanner. Scanners do not work but can be fixed. This program was going to be sold thats why theres a login screen. I did not want to sell the python version due to it being slow. Please do give credit if you use my code anywhere! [hide][Hidden Content]]
  16. Note: If the tool is crashing you may need to remove non ascii characters from your urls [Hidden Content] [hide][Hidden Content]]
  17. Malware Scanner will help you to scan your website with one simple click. It can find both known and unknown viruses, shells, malware, malicious code infections and other website threats. [Hidden Content] [hide][Hidden Content]]
  18. Scant3r Scans all URLs with multiple HTTP Methods and content-types also, it tries to look for bugs with basic exploits from Headers and URL Parameters By chaining waybackurls or gau with Scant3r you will have more time to look into functions and get Easy bugs on the way and scant3r will help you write your own python script faster, you don’t need to configure http/threads/errors/options/etc…, just by writing the main function in your script (also you can import scant3r function for write an awesome script), you can run it in your terminal or access your script from api [hide][Hidden Content]]
  19. Scant3r Scans all URLs with multiple HTTP Methods and content-types also, it tries to look for bugs with basic exploits from Headers and URL Parameters By chaining waybackurls or gau with Scant3r you will have more time to look into functions and get Easy bugs on the way and scant3r will help you write your own python script faster, you don’t need to configure http/threads/errors/options/etc…, just by writing the main function in your script (also you can import scant3r function for write an awesome script), you can run it in your terminal or access your script from api [hide][Hidden Content]]
  20. I would like to talk about arachni, an open-source framework among many Web Vulnerability Scanners (WVS). I tested it briefly, and it seems to be usable. Also, you should learn how to secure coding plan. Arachni is a feature-full, modular, high-performance Ruby framework aimed at helping penetration testers and administrators evaluate the security of modern web applications. It is free, with its source code public, and available for review. It is multi-platform, supporting all major operating systems (MS Windows, Mac OS X, and Linux) and distributed via portable packages which allow for instant deployment. It is versatile enough to cover a lot of use cases, ranging from a simple command-line scanner utility to a global high-performance grid of scanners, to a Ruby library allowing for scripted audits, to a multi-user multi-scan web collaboration platform. In addition, its simple REST API makes integration a cinch. Finally, due to its integrated browser environment, it can support highly complicated web applications which make heavy use of technologies such as JavaScript, HTML5, DOM manipulation, and AJAX. Vulnerability detection Vulnerability detection scores represent the ability of a scanner to detect different types and permutations of vulnerabilities, as well as the accuracy of those results when dealing with pitfalls that commonly cause false positives. Vulnerability detection and accuracy scores can be found at: [Hidden Content] Arachni scores: SQL injection: 100% (0% false positives) Reflected XSS: 90.91% (0% false positives) — Misses cases which require support for the now obsolete VBScript language. Local file inclusion: 100% (0% false positives) Remote file inclusion: 100% (0% false positives) Unvalidated redirect: 100% (0% false positives) Backup files: 100% (0% false positives) Changelog v1.6.1.3 Updated Rack version. [hide][Hidden Content]]
  21. Malware Scanner will help you to scan your website with one simple click. It can find both known and unknown viruses, shells, malware, malicious code infections and other website threats. [Hidden Content] [hide][Hidden Content]]
  22. Wapiti works as a “black-box” vulnerability scanner, that means it won’t study the source code of web applications but will work like a fuzzer, scanning the pages of the deployed web application, extracting links and forms and attacking the scripts, sending payloads and looking for error messages, special strings or abnormal behaviors. General features Generates vulnerability reports in various formats (HTML, XML, JSON, TXT…). Can suspend and resume a scan or an attack (session mechanism using sqlite3 databases). Can give you colors in the terminal to highlight vulnerabilities. Different levels of verbosity. Fast and easy way to activate/deactivate attack modules. Adding a payload can be as easy as adding a line to a text file. Browsing features Support HTTP, HTTPS, and SOCKS5 proxies. Authentication on the target via several methods: Basic, Digest, Kerberos or NTLM. Ability to restrain the scope of the scan (domain, folder, page, url). Automatic removal of one or more parameters in URLs. Multiple safeguards against scan endless-loops (for example, limit of values for a parameter). Possibility to set the first URLs to explore (even if not in scope). Can exclude some URLs of the scan and attacks (eg: logout URL). Import of cookies (get them with the wapiti-getcookie tool). Can activate / deactivate SSL certificates verification. Extract URLs from Flash SWF files. Try to extract URLs from javascript (very basic JS interpreter). HTML5 aware (understand recent HTML tags). Several options to control the crawler behavior and limits. Skipping some parameter names during attack. Setting a maximum time for the scan process. Adding some custom HTTP headers or setting a custom User-Agent. Supported attacks Database Injection (PHP/ASP/JSP SQL Injections and XPath Injections) Cross Site Scripting (XSS) reflected and permanent File disclosure detection (local and remote include, require, fopen, readfile…) Command Execution detection (eval(), system(), passtru()…) XXE (Xml eXternal Entity) injection CRLF Injection Search for potentially dangerous files on the server (thank to the Nikto db) Bypass of weak htaccess configurations Search for copies (backup) of scripts on the server Shellshock DirBuster like Wapiti supports both GET and POST HTTP methods for attacks. It also supports multipart and can inject payloads in filenames (upload). Display a warning when an anomaly is found (for example 500 errors and timeouts) Makes the difference between permanent and reflected XSS vulnerabilities. Module names The aforementioned attacks are tied to the following module names : backup (Search for copies and scripts) blindsql (SQL injection vulnerabilities detected with time-based methodology) buster (DirBuster like a module) crlf (CR-LF injection in HTTP headers) delay (Not an attack module, prints the 10 slowest to load web pages of the target) exec (Code execution or command injection) file (Path traversal, file inclusion, and XXE) htaccess (Misconfigured htaccess restrictions) nikto (Look for known vulnerabilities by testing URL existence and checking responses) permanent XSS (Rescan the whole target after the xss module execution looking for previously tainted payloads) shellshock (Test Shellshock attack, see [Hidden Content] ) sql (Error-based SQL injection detection) xss (XSS injection module) Changelog v3.1.2 Fix a crash that may occur after the crawling and before laucnhing attacks (connection pool was closed) [hide][Hidden Content]]
  23. [Hidden Content] [Hidden Content]
  24. PHP malware scanner Traversing directories for files with php extensions and testing files against text or regexp rules, the rules-based on self-gathered samples and publicly available malwares/webshells. The goal is to find infected files and fight against kiddies, because too easy to bypass rules. Changelog v1.0.14 Backdoor reported in #72 [hide][Hidden Content]]
  25. [hide][Hidden Content]]
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.