Search the Community

Showing results for tags 'scanning'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Staff Control
    • Staff Announcements
    • Moderators
    • Staff
    • Administration
  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Pentesting Zone
  • Security & Anonymity
  • Operating Systems | Hardware | Programs
  • Graphic Design
  • vBCms Comments
  • live stream tv
  • Marketplace
  • Pentesting Premium
  • Modders Section
  • PRIV8-Section
  • Pentesting Zone PRIV8
  • Carding Zone PRIV8
  • Recycle Bin

Blogs

There are no results to display.

There are no results to display.


Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me


Location


Interests


Occupation


TeamViewer


Twitter


Facebook


Youtube


Google+


Tox

Found 20 results

  1. Scanning APK file for URIs, endpoints & secrets. [hide][Hidden Content]]
  2. GitHub just announced that its new code scanning feature, GitHub code scanning, is now generally available. The new feature of the developer platform that Microsoft bought in 2018 for 7.5 billion dollars can scan any public repository for vulnerabilities. The idea is to offer a native function within GitHub that can find vulnerabilities in the code of a repository before they reach production. If you have a public repo on GitHub, you can activate it from now on following the official documentation. Automated security as part of your workflow With the function active, the code will be revised as it is created, and areas that could be exploited in the future will be highlighted. At GitHub they hope that with this feature active they can catch bugs early to significantly reduce security incidents in the future. GitHub code scanning integrates with GitHub Actions or your existing CI / CD environment to maximize team flexibility. Scans code as it is created and displays actionable security reviews within pull requests and other GitHub experiences, all to automate security as part of your workflow. Before its launch, code scanning went through several months of testing. So far it has scanned 12,000 repositories 1.4 million times, and in total it has detected 20,000 security problems, from bugs that allowed remote code execution, through cross-site scripting, to SQL injection. During the tests the developers and those in charge of maintaining the repositories resolved 72% of the security flaws identified in their pull requests before merging after the first 30 days. This is important data since industry data shows that less than 30% of vulnerabilities are fixed within a month after being discovered. [Hidden Content]
  3. Scantron Scantron is a distributed nmap scanner comprised of two components. The first is a master node that consists of a web front end used for scheduling scans and storing nmap scan targets and results. The second component is an agent that pulls scan jobs from the master and conducts the actual nmap scanning. A majority of the application’s logic is purposely placed on the master to make the agent(s) as “dumb” as possible. All nmap target files and nmap results reside on master and are shared through a network file share (NFS) leveraging SSH tunnels. The agents call back to master periodically using a REST API to check for scan tasks and provide scan status updates. [hide][Hidden Content]]
  4. V3n0M is a free and open source scanner. Evolved from Baltazar’s scanner, it has adopted several new features that improve functionality and usability. It is mostly experimental software. This program is for finding and executing various vulnerabilities. It scavenges the web using dorks and organizes the URLs it finds. Use at your own risk. Feature: Cloudflare Resolver[Cloudbuster] Metasploit Modules Scans[To be released] LFI->RCE and XSS Scanning[LFI->RCE & XSS] SQL Injection Vuln Scanner[SQLi] Extremely Large D0rk Target Lists AdminPage Finding Toxin Vulnerable FTPs Scanner DNS BruteForcer Python 3.6 Asyncio based scanning [hide][Hidden Content]]
  5. JSScanner Scanning JS Files for Endpoints and Secrets Gather the javascript file links present in a domain. Discover the endpoints present in those javascript Then save those javascript files for further static analysis where we can look for hardcoded credentials and stuff [hide][Hidden Content]]
  6. Vailyn is a multi-phased vulnerability analysis and exploitation tool for path traversal/directory climbing vulnerabilities. It is built to make it as performant as possible and to offer a wide arsenal of filter evasion techniques. How does it work? Vailyn operates in 2 phases. First, it checks if the vulnerability is present. It does so by trying to access /etc/passwd, with all of its evasive payloads. Analyzing the response, payloads that worked are separated from the others. Why phase separation? The separation in several phases is new in this version. It is done to hugely improve the performance of the tool. In previous versions, every file-directory combination was checked with every payload. This resulted in a huge overhead due to payloads being always used again, despite they are not working for the current server. Changelog v1.5.1-3 [New Features] Tor support now for Windows, too. Tor service must be started manually beforehand. [Bug Fixes] fixed an issue on Windows, where the tool would crash for targets with custom port or BasicAuth, because : is not an allowed directory character fixed terminal output flood during attack by providing an extra progress function color output should work now on Windows, please report back if it still doesn’t [hide][Hidden Content]]
  7. FazScan is a Perl program to do some vulnerability scanning and pentesting. This program has 18 ultimate options. FazScan, Program for Vulnerability Scanning and Pentesting Options Available : 1. SQL Injection Pentester 2. Common SQLi Vulnerability Scanner 3. Advanced SQLi Vulnerability Scanner 4. Common Web Vulnerability Scanner 5. Automated CMS Detector 6. Web CMS WordPress Vulnerability Scanner 7. Web CMS Magento Vulnerability Scanner 8. Web CMS Joomla Vulnerability Scanner 9. Web CMS Lokomedia Vulnerability Scanner 10. Web CMS Drupal Vulnerability Scanner + Shell Uploader 11. Web Information Gathering Kit Update's New Feature [18 Options] 12. CloudFlare WAF Protection Bypasser Update's New Feature 13. Dork Scanner 14. Automated Open Port Scanner 15. Denial of Service Attack 16. Admin Page Detector (7475 Pages Will be Scanned) 17. About the Programmer 18. Exit the Program [HIDE][Hidden Content]]
  8. Options Available : 1. SQL Injection Pentester 2. Common SQLi Vulnerability Scanner 3. Advanced SQLi Vulnerability Scanner 4. Common Web Vulnerability Scanner 5. Automated CMS Detector 6. Web CMS WordPress Vulnerability Scanner 7. Web CMS Magento Vulnerability Scanner 8. Web CMS Joomla Vulnerability Scanner 9. Web CMS Lokomedia Vulnerability Scanner 10. Web CMS Drupal Vulnerability Scanner + Shell Uploader 11. Web Information Gathering Kit Update's New Feature [18 Options] 12. CloudFlare WAF Protection Bypasser Update's New Feature 13. Dork Scanner 14. Automated Open Port Scanner 15. Denial of Service Attack 16. Admin Page Detector (7475 Pages Will be Scanned) 17. About the Programmer 18. Exit the Program [HIDE][Hidden Content]]
  9. Descripción Descripción del producto Over 90 hands-on recipes explaining how to leverage custom scripts and integrated tools in Kali Linux to effectively master network scanning About This Book Learn the fundamentals behind commonly used scanning techniques Deploy powerful scanning tools that are integrated into the Kali Linux testing platform A step-by-step guide, full of recipes that will help you use integrated scanning tools in Kali Linux, and develop custom scripts for making new and unique tools of your own Who This Book Is For "Kali Linux Network Scanning Cookbook" is intended for information security professionals and casual security enthusiasts alike. It will provide the foundational principles for the novice reader but will also introduce scripting techniques and in-depth analysis for the more advanced audience. Whether you are brand new to Kali Linux or a seasoned veteran, this book will aid in both understanding and ultimately mastering many of the most powerful and useful scanning techniques in the industry. It is assumed that the reader has some basic security testing experience. What You Will Learn Develop a network-testing environment that can be used to test scanning tools and techniques Understand the underlying principles of network scanning technologies by building custom scripts and tools Perform comprehensive scans to identify listening on TCP and UDP sockets Examine remote services to identify type of service, vendor, and version Evaluate denial of service threats and develop an understanding of how common denial of service attacks are performed Identify distinct vulnerabilities in both web applications and remote services and understand the techniques that are used to exploit them In Detail Kali Linux Network Scanning Cookbook will introduce you to critical scanning concepts. You will be shown techniques associated with a wide range of network scanning tasks that include discovery scanning, port scanning, service enumeration, operating system identification, vulnerability mapping, and validation of identified findings. You will learn how to utilize the arsenal of tools available in Kali Linux to conquer any network environment. You will also be shown how to identify remote services, how to assess security risks, and how various attacks are performed. This immersive guide will also encourage the creation of personally scripted tools and the development of skills required to create them. Biografía del autor Justin Hutchens currently works as a security consultant and regularly performs penetration tests and security assessments for a wide range of clients. He previously served in the United States Air Force, where he worked as an intrusion detection specialist, network vulnerability analyst, and malware forensic investigator for a large enterprise network with over 55,000 networked systems. He holds a Bachelor's degree in Information Technology and multiple professional information security certifications, to include Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), eLearnSecurity Web Application Penetration Tester (eWPT), GIAC Certified Incident Handler (GCIH), Certified Network Defense Architect (CNDA), Certified Ethical Hacker (CEH), EC-Council Certified Security Analyst (ECSA), and Computer Hacking Forensic Investigator (CHFI). He is also the writer and producer of Packt Publishing's e-learning video course, Kali Linux - Backtrack Evolved: Assuring Security by Penetration Testing. [Hidden Content]
  10. This has only been tested on Kali. It depends on the msfrpc module for Python, described in detail here: [Hidden Content] Install the necessary Kali packages and the PostgreSQL gem for Ruby: apt-get install postgresql libpq-dev git-core gem install pg Install current version of the msfrpc Python module from git: git clone git://github.com/SpiderLabs/msfrpc.git msfrpc cd msfrpc/python-msfrpc python setup.py install [HIDE][Hidden Content]]
  11. XSpear - Powerfull XSS Scanning And Parameter Analysis Tool Key features Pattern matching based XSS scanning Detect alert confirm prompt event on headless browser (with Selenium) Testing request/response for XSS protection bypass and reflected params Reflected Params Filtered test event handler HTML tag Special Char Testing Blind XSS (with XSS Hunter , ezXSS, HBXSS, Etc all url base blind test...) Dynamic/Static Analysis Find SQL Error pattern Analysis Security headers(CSP HSTS X-frame-options, XSS-protection etc.. ) Analysis Other headers..(Server version, Content-Type, etc...) Scanning from Raw file(Burp suite, ZAP Request) XSpear running on ruby code(with Gem library) Show table base cli-report and filtered rule, testing raw query(url) Testing at selected parameters Support output format cli json cli: summary, filtered rule(params), Raw Query Support Verbose level (quit / nomal / raw data) Support custom callback code to any test various attack vectors [HIDE][Hidden Content]]
  12. Dirble is a website directory scanning tool for Windows and Linux. It’s designed to be fast to run and easy to use. Changelog v1.4 Added Add ability to do scans using HEAD and POST requests Directories which return 401 and 403 codes are no longer scanned by default Not found detection now can detect response lengths that vary by the URL length Added dockerfile to git repository Commit hashes are now displayed with the version number in local builds Changed Wordlist items now have a leading and trailing slash removed Default wordlist location checks have been improved SimpleLog crate now used to print additional scanning information Silent and verbose flags now affect logging level Output for listable directories now has a bold L Wordlist splitting of initial URLs is increased Fixed Disable recursion flag now works as intended Validator always defaulting to 404 [HIDE][Hidden Content]]
  13. Python3 comprehensive scanning tool, mainly used for sensitive file detection (directory scanning and js leak interface), WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password detection, POC scanning, SQL injection, winding Pass CDN, check the next station. Features Generate a dictionary list using Cartesian product method, support custom dictionary list Random UserAgent, XFF, X-Real-IP Customize 404-page recognition, access random pages and then compare the similarities through difflib to identify custom 302 jumps When scanning the directory, first detect the http port and add multiple http ports of one host to the scan target. Filter invalid Content-Type, invalid status? WAF/CDN detection Use the socket to send packets to detect common ports and send different payload detection port service fingerprints. Hosts that encounter full port open (portspoof) automatically skip Call wappalyzer.json and WebEye to determine the website fingerprint It is detected that the CDN or WAF website automatically skips Call nmap to identify the operating system fingerprint Call weak password detection script based on port open (FTP/SSH/TELNET/Mysql/MSSQL…) Call POC scan based on fingerprint identification or port, or click on the open WEB port of IP Analyze sensitive asset information (domain name, mailbox, apikey, password, etc.) in the js file Grab website connections, test SQL injection, LFI, etc. Call some online interfaces to obtain information such as VT, www.yougetsignal.com and other websites, determine the real IP through VT pdns, and query the website by www.yougetsignal.com and api.hackertarget.com. [HIDE][Hidden Content]]
  14. The Hawkeye scanner-cli is a project security, vulnerability and general risk highlighting tool. It is meant to be integrated into your pre-commit hooks and your pipelines. Designed to be entirely extensible by just adding new modules with the correct signature to lib/modules Modules return results via a common interface, which permits consolidated reporting and artefact generation Should be very easy to run regardless of the type of project that you’re scanning How it works Hawkeye is designed to be extensible by adding modules and writers. Add modules in the modules folder. Add writers in the writers folder. Modules Modules are basically little bits of code that either implement their own logic, or wrap a third party tool and standardise the output. They only run if the required criteria are met. For example: The npm outdated module would only run if a package.json is detected in the scan target – as a result, you don’t need to tell Hawkeye what type of project you are scanning. Generic Modules files-ccnumber: Scans for suspicious file contents that are likely to contain credit card numbers files-contents: Scans for suspicious file contents that are likely to contain secrets files-entropy: Scans files for strings with high entropy that are likely to contain passwords. Entropy scanning is disabled by default because of the high number of false positives. It is useful to scan codebases every now and then for keys, in which case please run it please using the -m files-entropy switch. files-secrets: Scans for suspicious filenames that are likely to contain secrets Java java-find-secbugs: Finds common security issues in Java code with findsecbugs java-owasp: Scans Java projects for gradle/maven dependencies with known vulnerabilities with the OWASP dependency checker Node.js node-crossenv: Scans node projects for known malicious crossenv dependencies node-npmaudit: Checks node projects for dependencies with known vulnerabilities with npm audit node-npmoutdated: Checks node projects for outdated npm modules with npm outdated PHP php-security-checker: Checks whether the composer.lock contains dependencies with known vulnerabilities using security-checker Python python-bandit: Scans for common security issues in Python code with bandit. python-piprot: Scans python dependencies for out of date packages with piprot python-safety: Checks python dependencies for known security vulnerabilities with the safety tool. Ruby ruby-brakeman: Statically analyzes Rails code for security issues with Brakeman. ruby-bundler-scan: Scan for Ruby gems with known vulnerabilities using bundler Adding a module If you have an idea for a module, please feel free open a feature request in the issues section. If you have a bit of time left, please consider sending us a pull request. To see modules work, please head over to the modules folder to find how things are working. Changelog v1.6 Update OWASP dependency check and bundle-audit at build time, no updates at runtime Remove the superfluous node-crossenv module Use temporary file for brakeman report instead of spamming the target folder Use temporary file for findsecbugs report instead of spamming the target folder Remove floating ruby dependencies [HIDE][Hidden Content]]
  15. What is Osmedeus? It allows you to do boring stuff in Pentesting automatically like reconnaissance and scanning the target by run the collection of awesome tools. Feature Subdomain Scan. Subdomain TakeOver Scan. Screenshot the target. Basic recon like Whois, Dig info. Web Technology detection. IP Discovery. CORS Scan. SSL Scan. Wayback Machine Discovery. URL Discovery. Headers Scan. Port Scan. Vulnerable Scan. Seperate workspaces to store all scan output and details logging. REST API. React Web UI. Support Continuous Scan. Slack notifications. Available modules with list tool being used Subdomain Scanning amass subfinder massdns Subdomain TakeOver Scanning subjack SubOver Screenshot the target aquatone EyeWitness Port Scanning masscan nmap Vulnerable Scan and beautify html report nmap-vulners nmap-bootstrap-xsl Git repo scanning truffleHog gitrob Doing some stuff with Burp State file sqlmap SleuthQL LinkFinder Directory search dirhunt dirsearch gobuster Bruteforce services brutespray Wordlists domain web-content Changelog v1.4 Adding new AssetFinding module powered mostly by tomnomnom. Direct mode (specific module) now very powerful Detail. Improve the API architecture, from now you can run multi targets without crash the routine. Improve main routine and add options for custom speed of the routine. Adding some security feature for the API. Improve search and sort from the UI. Fix a lot of bugs and refactoring a lot of things. [Hidden Content]
  16. Seccubus automates regular vulnerability scans with various tools and aids security people in the fast analysis of its output, both on the first scan and on repeated scans. On repeated scan delta reporting ensures that findings only need to be judged when they first appear in the scan results or when their output changes. Seccubus 2.x is the only actively developed and maintained branch and all support for Seccubus V1 has officially been dropped. Seccubus V2 works with the following scanners: Nessus OpenVAS Skipfish Medusa (local and remote) Nikto (local and remote) NMap (local and remote) OWASP-ZAP (local and remote) SSLyze Medusa Qualys SSL labs testssl.sh (local and remote) [Hidden Content]
  17. SN1PER WEB VULNERABILITY SCANNING TOOL Sn1per is a vulnerability scanner that is ideal for penetration testing when scanning for vulnerabilities. The team behind the software, which is easily loaded into Kali Linux, have a free (community version) and a paid plan as well. Steps For Installation (LINUX ON TERMINAL) 1. git clone [hide][Hidden Content]] 2. cd Sn1per 3. chmod +x install.sh 4. ./install.sh
  18. A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints running on Microsoft Windows could allow a local attacker to disable the scanning functionality of the product. This could allow executable files to be launched on the system without being analyzed for threats. The vulnerability is due to improper process resource handling. Cisco Immunet versions prior to 6.2.0 and Cisco AMP For Endpoints version 6.2.0 are affected. View the full article
  19. > [Hidden Content] This is a IP Tool kit its the central backbone of IPs on the whole internet ! You can Find any sort of company to IP to IP ranges that run certain OS for hackign and scanning i use for !