Jump to content
YOUR-AD-HERE
HOSTING
TOOLS
SERVICE

Search the Community

Showing results for tags 'scanning'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Staff Control
    • Staff Announcements
  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Pentesting Zone
    • Pentesting Accounts
    • Reverse Engineering
  • Security & Anonymity
    • Security
    • Wireless Security
    • Web Security
    • Anonymity
  • Operating Systems | Hardware | Programs
    • Operating systems
    • Hardware
    • PC programs
    • iOS
    • Android
  • Graphic Design
    • Graphic Design
  • vBCms Comments
  • live stream tv
    • live stream tv
  • Marketplace
    • Sell
    • Services
    • Request
  • Pentesting Premium
    • Pentesting Accounts
  • Modders Section
    • Source Codes
    • Manuals | Videos
    • Tools
    • Others
  • PRIV8-Section
    • Exploits
    • Accounts|Dumps
    • Crypter|Binder|Bots
    • Tutorials|Videos
    • Cracked Tools
    • Make Money
    • More Tools
    • Databeses
    • Ebooks
  • Pentesting Zone PRIV8
    • Pentesting Accounts
    • Reverse Engineering
    • Cracker Preview Area
  • Carding Zone PRIV8
    • Carding
    • Phishing
    • Defacing
    • Doxing
    • Special User Premium Preview Area
  • Recycle Bin
    • Recycle
  • Null3D's Nulled Group

Product Groups

  • PRIV8
  • Advertising
  • Access Basic
  • Seller
  • Services

Categories

  • Files
  • Online Book
  • Services

Categories

  • Hacking

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me

  1. What is Osmedeus? Osmedeus allows you automated run the collection of awesome tools to reconnaissance and vulnerability scanning against the target. Feature Subdomain Scan. Subdomain TakeOver Scan. Screenshot the target. Basic recon like Whois, Dig info. Web Technology detection. IP Discovery. CORS Scan. SSL Scan. Wayback Machine Discovery. URL Discovery. Headers Scan. Port Scan. Vulnerable Scan. Seperate workspaces to store all scan output and details logging. REST API. React Web UI. Support Continuous Scan. Slack notifications. Easily view the report from the command line. Changelog v4.4 The default folder for workspaces has been updated to $HOME/workspaces-osmedeus/ from the previous location at $HOME/.osmedeus/workspaces/ The database has now been switched to a file-based system, making it simpler to transfer between machines. The user interface has undergone a revamp. Improvements in the performance of distributed scans. A new health check command has been included in the provider command, allowing you to monitor progress at a later time by leaving the instance open. Refactoring a lot of the helper messages throughout the tool [hide][Hidden Content]]
  2. CRLFsuite is a fast tool specially designed to scan CRLF injection. Features ✔️ Single URL scanning ✔️ Multiple URL scanning ✔️ Stdin supported ✔️ GET & POST method supported ✔️ Concurrency ✔️ Best Payloads list ✔️ Headers supported ✔️ Fast and efficient scanning with negligible false-positive Changelog v2.0 ✔️ WAF detection ✔️ XSS through CRLF injection scanning ✔️ Improved and fixed bugs in crlfscanner.py ✔️ Enhanced scanning techniques [hide][Hidden Content]]
  3. AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically. Features Fully automatic! (Use -y flag to enable) Detect network IP range without any user input. Vulnerability detection based on version. Get information about the vulnerability right from your terminal. Automatically download exploit related with vulnerability. Noise mode for creating a noise on the network. Evasion mode for being sneaky. Automatically decide which scan types to use based on privilege. Easy to read output. Function to output results to a file. Argument for passing custom nmap flags. Specify your arguments using a config file. [hide][Hidden Content]]
  4. CRLFsuite is a fast tool specially designed to scan CRLF injection. [hide][Hidden Content]]
  5. Automatic Reconnaissance and Scanning in Penetration Testing. What is Osmedeus? Osmedeus allows you automated run the collection of awesome tools to reconnaissance and vulnerability scanning against the target. Feature Subdomain Scan. Subdomain TakeOver Scan. Screenshot the target. Basic recon like Whois, Dig info. Web Technology detection. IP Discovery. CORS Scan. SSL Scan. Wayback Machine Discovery. URL Discovery. Headers Scan. Port Scan. Vulnerable Scan. Seperate workspaces to store all scan output and details logging. REST API. React Web UI. Support Continuous Scan. Slack notifications. Easily view the report from the command line. Changelog v4.1.1 Added a new clean-up script for public ffuf to show more beautiful output. Added a new workflow for testing notifications. Added a detailed notification setup page at docs.osmedeus.org/installation/notification/. Added a new tool str-replace to generate even more permutation subdomains (see probing module). [hide][Hidden Content]]
  6. Ostorlab is a security scanning platform that enables running complex security scanning tasks involving multiple tools in an easy, scalable, and distributed way. Ostorlab provides: CLI to run scans locally and on Ostorlab’s Cloud and access the results. SDK to build scanner components called Agents. Store to publish Agents and share them with the community. Automated Agent builder that takes care of automatically building and releasing Agents directly from the source code repo. Ostorlab supports scanning everything, from mobile applications, web applications, IP addresses to containers, and with that targeting the detection of almost everything, from finding simple configuration issues, crawling for secrets to running a full-blown dynamic analysis environment. Ostorlab covers both Android and iOS platforms and can identify over 250 classes of vulnerabilities and over 100.000 outdated vulnerable dependencies. Ostorlab is built from the start to target Mobile Applications and uses powerful static analysis coupled with dynamic and behavioral analysis to ensure high coverage of the application’s attack surface, and validate findings to enable false-positive free results. Changelog v0.2.3 Add openvas example. by @mohsinenar in #202 Fix typo in delete agent by @3asm in #203 Update readme Image by @3asm in #204 Add cloud list vulnz by @mohsinenar in #198 Add proto for domain fingerprint by @RabsonJ in #205 [hide][Hidden Content]]
  7. Ostorlab is a security scanning platform that enables running complex security scanning tasks involving multiple tools in an easy, scalable, and distributed way. Changelog v0.1.17 Add separation between pre and post agents. by @3asm in #170 [hide][Hidden Content]]
  8. What is DalFox Just, XSS Scanning and Parameter Analysis tool. I previously developed XSpear, a Ruby-based XSS tool, and this time, a full change occurred during the process of porting with golang!!! and created it as a new project. The basic concept is to analyze parameters, find XSS, and examine them based on Selenium. I talk about naming. Dal(달) is the Korean pronunciation of moon and fox was made into Fox(Find Of XSS). Changelog v2.6.1 741f6c0 update package 15bf693 tap v2.6.1 17be4d8 chore: update contributors [skip ci] 4ac6e1f Merge pull request #321 from hahwul/dev 5c1e792 Merge pull request #319 from hahwul/main fd65dc3 Merge pull request #317 from hahwul/dependabot/go_modules/github.com/swaggo/swag-1.7.6 90b5090 Merge pull request #316 from hahwul/dependabot/go_modules/github.com/chromedp/chromedp-0.7.6 2d832bb Merge branch ‘main’ of [Hidden Content] into main 2fb311a Bump github.com/swaggo/swag from 1.7.4 to 1.7.6 237def7 Bump github.com/chromedp/chromedp from 0.7.4 to 0.7.6 9b9f256 (#320) Update lib interface 0eabf85 (#318) Add PoCType in lib fdb9d74 (#315) Add gzip handling in SendReq function 9ab9e6f (#315) Add gzip handling in ParamterAnalysis [Hidden Content]
  9. Erebus is used to test every parameter across targets based on Yaml templates leading to zero false positives and providing fast scanning on a large number of hosts. Erebus offers many useful features including an intercepting proxy which allows researchers to browse the web, click on links and Erebus will test every parameter that passes through the proxy. [hide][Hidden Content]]
  10. Vulmap is a vulnerability scanning tool that can scan for vulnerabilities in Web containers, Web servers, Web middleware, and CMS and other Web programs, and has vulnerability exploitation functions. Relevant testers can use vulmap to detect whether the target has a specific vulnerability, and can use the vulnerability exploitation function to verify whether the vulnerability actually exists. It currently has vulnerability scanning (poc) and exploiting (exp) modes. Use “-m” to select which mode to use, and the default poc mode is the default. In poc mode, it also supports “-f” batch target scanning, “-o” File output results and other main functions, Other functions Options Or python3 vulmap.py -h, the Poc function will no longer be provided in the exploit mode, but the exploit will be carried out directly, and the exploit result will be fed back to further verify whether the vulnerability exists and whether it can be exploited. Changelog v0.8 Support scanning dismap recognition result file -f output.txt Added coremail, ecology, eyou, qianxin, ruijie vulnerabilities in categories POC added Apache OFBiz CVE-2021-29200 CVE-2021-30128 POC added Apache Solr CVE-2021-27905 POC added Fastjson echo VER-1224-2 VER-1224-3 POC added Oracle Weblogic CVE-2016-0638 CVE-2018-3191 CVE-2019-2890 [hide][Hidden Content]]
  11. Changelog v2.5.2 Patch Fix incompatible issue on Windows (#40) Replace all inline-flags PCRE pattern Remove Vault Token pattern due to false-positive Add kotlin to blacklist LinkFinder as class name Stripping secrets result of LinkFinder [hide][Hidden Content]]
  12. Scanning APK file for URIs, endpoints & secrets. Changelog v2.5 Added patterns: Facebook Secret Key Facebook ClientID Twitter ClientID Twitter Secret Key Artifactory API Token Artifactory Password Authorization Basic Authorization Bearer Basic Auth Credentials Cloudinary Basic Auth Mailto Vault Token [hide][Hidden Content]]
  13. apkLeaks Scanning APK file for URIs, endpoints & secrets. Changelog v2.1 Fix linter [hide][Hidden Content]]
  14. A high performance FortiGate SSL-VPN vulnerability scanning and exploitation tool. Requirements Tested with Parrot & Debian Operating Systems and Windows 10 [hide][Hidden Content]]
  15. The Hawkeye scanner-cli is project security, vulnerability and general risk highlighting tool. It is meant to be integrated into your pre-commit hooks and your pipelines. Designed to be entirely extensible by just adding new modules with the correct signature to lib/modules Modules return results via a common interface, which permits consolidated reporting and artifact generation Should be very easy to run regardless of the type of project that you’re scanning Modules Modules are basically little bits of code that either implement their own logic, or wrap a third party tool and standardise the output. They only run if the required criteria are met. For example: The npm outdated module would only run if a package.json is detected in the scan target – as a result, you don’t need to tell Hawkeye what type of project you are scanning. Generic Modules files-ccnumber: Scans for suspicious file contents that are likely to contain credit card numbers files-contents: Scans for suspicious file contents that are likely to contain secrets files-entropy: Scans files for strings with high entropy that are likely to contain passwords. Entropy scanning is disabled by default because of the high number of false positives. It is useful to scan codebases every now and then for keys, in which case please run it please using the -m files-entropy switch. files-secrets: Scans for suspicious filenames that are likely to contain secrets Java java-find-secbugs: Finds common security issues in Java code with findsecbugs java-owasp: Scans Java projects for gradle/maven dependencies with known vulnerabilities with the OWASP dependency checker Node.js node-crossenv: Scans node projects for known malicious crossenv dependencies node-npmaudit: Checks node projects for dependencies with known vulnerabilities with npm audit node-npmoutdated: Checks node projects for outdated npm modules with npm outdated PHP php-security-checker: Checks whether the composer.lock contains dependencies with known vulnerabilities using security-checker Python python-bandit: Scans for common security issues in Python code with bandit. python-piprot: Scans python dependencies for out of date packages with piprot python-safety: Checks python dependencies for known security vulnerabilities with the safety tool. Ruby ruby-brakeman: Statically analyzes Rails code for security issues with Brakeman. ruby-bundler-scan: Scan for Ruby gems with known vulnerabilities using bundler Adding a module If you have an idea for a module, please feel free open a feature request in the issues section. If you have a bit of time left, please consider sending us a pull request. To see modules work, please head over to the modules folder to find how things are working. [hide][Hidden Content]]
  16. Scanning APK file for URIs, endpoints & secrets. [hide][Hidden Content]]
  17. GitHub just announced that its new code scanning feature, GitHub code scanning, is now generally available. The new feature of the developer platform that Microsoft bought in 2018 for 7.5 billion dollars can scan any public repository for vulnerabilities. The idea is to offer a native function within GitHub that can find vulnerabilities in the code of a repository before they reach production. If you have a public repo on GitHub, you can activate it from now on following the official documentation. Automated security as part of your workflow With the function active, the code will be revised as it is created, and areas that could be exploited in the future will be highlighted. At GitHub they hope that with this feature active they can catch bugs early to significantly reduce security incidents in the future. GitHub code scanning integrates with GitHub Actions or your existing CI / CD environment to maximize team flexibility. Scans code as it is created and displays actionable security reviews within pull requests and other GitHub experiences, all to automate security as part of your workflow. Before its launch, code scanning went through several months of testing. So far it has scanned 12,000 repositories 1.4 million times, and in total it has detected 20,000 security problems, from bugs that allowed remote code execution, through cross-site scripting, to SQL injection. During the tests the developers and those in charge of maintaining the repositories resolved 72% of the security flaws identified in their pull requests before merging after the first 30 days. This is important data since industry data shows that less than 30% of vulnerabilities are fixed within a month after being discovered. [Hidden Content]
  18. Scantron Scantron is a distributed nmap scanner comprised of two components. The first is a master node that consists of a web front end used for scheduling scans and storing nmap scan targets and results. The second component is an agent that pulls scan jobs from the master and conducts the actual nmap scanning. A majority of the application’s logic is purposely placed on the master to make the agent(s) as “dumb” as possible. All nmap target files and nmap results reside on master and are shared through a network file share (NFS) leveraging SSH tunnels. The agents call back to master periodically using a REST API to check for scan tasks and provide scan status updates. [hide][Hidden Content]]
  19. V3n0M is a free and open source scanner. Evolved from Baltazar’s scanner, it has adopted several new features that improve functionality and usability. It is mostly experimental software. This program is for finding and executing various vulnerabilities. It scavenges the web using dorks and organizes the URLs it finds. Use at your own risk. Feature: Cloudflare Resolver[Cloudbuster] Metasploit Modules Scans[To be released] LFI->RCE and XSS Scanning[LFI->RCE & XSS] SQL Injection Vuln Scanner[SQLi] Extremely Large D0rk Target Lists AdminPage Finding Toxin Vulnerable FTPs Scanner DNS BruteForcer Python 3.6 Asyncio based scanning [hide][Hidden Content]]
  20. JSScanner Scanning JS Files for Endpoints and Secrets Gather the javascript file links present in a domain. Discover the endpoints present in those javascript Then save those javascript files for further static analysis where we can look for hardcoded credentials and stuff [hide][Hidden Content]]
  21. Vailyn is a multi-phased vulnerability analysis and exploitation tool for path traversal/directory climbing vulnerabilities. It is built to make it as performant as possible and to offer a wide arsenal of filter evasion techniques. How does it work? Vailyn operates in 2 phases. First, it checks if the vulnerability is present. It does so by trying to access /etc/passwd, with all of its evasive payloads. Analyzing the response, payloads that worked are separated from the others. Why phase separation? The separation in several phases is new in this version. It is done to hugely improve the performance of the tool. In previous versions, every file-directory combination was checked with every payload. This resulted in a huge overhead due to payloads being always used again, despite they are not working for the current server. Changelog v1.5.1-3 [New Features] Tor support now for Windows, too. Tor service must be started manually beforehand. [Bug Fixes] fixed an issue on Windows, where the tool would crash for targets with custom port or BasicAuth, because : is not an allowed directory character fixed terminal output flood during attack by providing an extra progress function color output should work now on Windows, please report back if it still doesn’t [hide][Hidden Content]]
  22. Options Available : 1. SQL Injection Pentester 2. Common SQLi Vulnerability Scanner 3. Advanced SQLi Vulnerability Scanner 4. Common Web Vulnerability Scanner 5. Automated CMS Detector 6. Web CMS WordPress Vulnerability Scanner 7. Web CMS Magento Vulnerability Scanner 8. Web CMS Joomla Vulnerability Scanner 9. Web CMS Lokomedia Vulnerability Scanner 10. Web CMS Drupal Vulnerability Scanner + Shell Uploader 11. Web Information Gathering Kit Update's New Feature [18 Options] 12. CloudFlare WAF Protection Bypasser Update's New Feature 13. Dork Scanner 14. Automated Open Port Scanner 15. Denial of Service Attack 16. Admin Page Detector (7475 Pages Will be Scanned) 17. About the Programmer 18. Exit the Program [HIDE][Hidden Content]]
  23. Descripción Descripción del producto Over 90 hands-on recipes explaining how to leverage custom scripts and integrated tools in Kali Linux to effectively master network scanning About This Book Learn the fundamentals behind commonly used scanning techniques Deploy powerful scanning tools that are integrated into the Kali Linux testing platform A step-by-step guide, full of recipes that will help you use integrated scanning tools in Kali Linux, and develop custom scripts for making new and unique tools of your own Who This Book Is For "Kali Linux Network Scanning Cookbook" is intended for information security professionals and casual security enthusiasts alike. It will provide the foundational principles for the novice reader but will also introduce scripting techniques and in-depth analysis for the more advanced audience. Whether you are brand new to Kali Linux or a seasoned veteran, this book will aid in both understanding and ultimately mastering many of the most powerful and useful scanning techniques in the industry. It is assumed that the reader has some basic security testing experience. What You Will Learn Develop a network-testing environment that can be used to test scanning tools and techniques Understand the underlying principles of network scanning technologies by building custom scripts and tools Perform comprehensive scans to identify listening on TCP and UDP sockets Examine remote services to identify type of service, vendor, and version Evaluate denial of service threats and develop an understanding of how common denial of service attacks are performed Identify distinct vulnerabilities in both web applications and remote services and understand the techniques that are used to exploit them In Detail Kali Linux Network Scanning Cookbook will introduce you to critical scanning concepts. You will be shown techniques associated with a wide range of network scanning tasks that include discovery scanning, port scanning, service enumeration, operating system identification, vulnerability mapping, and validation of identified findings. You will learn how to utilize the arsenal of tools available in Kali Linux to conquer any network environment. You will also be shown how to identify remote services, how to assess security risks, and how various attacks are performed. This immersive guide will also encourage the creation of personally scripted tools and the development of skills required to create them. Biografía del autor Justin Hutchens currently works as a security consultant and regularly performs penetration tests and security assessments for a wide range of clients. He previously served in the United States Air Force, where he worked as an intrusion detection specialist, network vulnerability analyst, and malware forensic investigator for a large enterprise network with over 55,000 networked systems. He holds a Bachelor's degree in Information Technology and multiple professional information security certifications, to include Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), eLearnSecurity Web Application Penetration Tester (eWPT), GIAC Certified Incident Handler (GCIH), Certified Network Defense Architect (CNDA), Certified Ethical Hacker (CEH), EC-Council Certified Security Analyst (ECSA), and Computer Hacking Forensic Investigator (CHFI). He is also the writer and producer of Packt Publishing's e-learning video course, Kali Linux - Backtrack Evolved: Assuring Security by Penetration Testing. [Hidden Content]
  24. This has only been tested on Kali. It depends on the msfrpc module for Python, described in detail here: [Hidden Content] Install the necessary Kali packages and the PostgreSQL gem for Ruby: apt-get install postgresql libpq-dev git-core gem install pg Install current version of the msfrpc Python module from git: git clone git://github.com/SpiderLabs/msfrpc.git msfrpc cd msfrpc/python-msfrpc python setup.py install [HIDE][Hidden Content]]
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.