Search the Community

Showing results for tags 'vulnerability'.

Found 64 results

  1. crawlergo is a browser crawler that uses Chrome headless mode for URL collection. It hooks key positions of the whole web page during the DOM rendering stage, automatically fills and submits forms, with intelligent JS event triggering, and collects as many entries exposed by the website as possible. The built-in URL de-duplication module filters out a large number of pseudo-static URLs, still maintains a fast parsing and crawling speed for large websites, and finally gets a high-quality collection of request results.
     crawlergo currently supports the following features:
       • Chrome browser environment rendering
       • Intelligent form filling, automated submission
       • Full DOM event collection with automated triggering
       • Smart URL de-duplication to remove most duplicate requests
       • Intelligent analysis of web pages and collection of URLs, including JavaScript file content, page comments, robots.txt files and automatic fuzzing of common paths
       • Support Host binding, automatically fix and add Referer
       • Support browser request proxy
       • Support pushing the results to passive web vulnerability scanners
  2. Introduction
     WPScan is a free and automated black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their sites. You can use it to remotely scan WordPress installations, to find vulnerabilities within the core version, plugins, and themes. It’s maintained by the WPScan Team.
     Minor: New version for updated dependencies
  3. Erebus is used to test every parameter across targets based on YAML templates leading to zero false positives and providing fast scanning on a large number of hosts. Erebus offers many useful features including an intercepting proxy which allows researchers to browse the web, click on links and Erebus will test every parameter that passes through the proxy.
  4. Vulmap is a vulnerability scanning tool that can scan for vulnerabilities in Web containers, Web servers, Web middleware, and CMS and other Web programs, and has vulnerability exploitation functions. Relevant testers can use vulmap to detect whether the target has a specific vulnerability, and can use the vulnerability exploitation function to verify whether the vulnerability actually exists.
     It currently has vulnerability scanning (poc) and exploiting (exp) modes. Use “-m” to select which mode to use; poc mode is the default. In poc mode, it also supports “-f” batch target scanning, “-o” file output of results and other main functions. For other functions, see the options or python3 vulmap.py -h. The poc function is no longer provided in the exploit mode, but the exploit will be carried out directly, and the exploit result will be fed back to further verify whether the vulnerability exists and whether it can be exploited.
     Changelog v0.8
       • Support scanning dismap recognition result file -f output.txt
       • Added coremail, ecology, eyou, qianxin, ruijie vulnerabilities in categories
       • POC added Apache OFBiz CVE-2021-29200 CVE-2021-30128
       • POC added Apache Solr CVE-2021-27905
       • POC added Fastjson echo VER-1224-2 VER-1224-3
       • POC added Oracle Weblogic CVE-2016-0638 CVE-2018-3191 CVE-2019-2890
  5. Wapiti works as a “black-box” vulnerability scanner, that means it won’t study the source code of web applications but will work like a fuzzer, scanning the pages of the deployed web application, extracting links and forms and attacking the scripts, sending payloads and looking for error messages, special strings or abnormal behaviors.
     General features
       • Generates vulnerability reports in various formats (HTML, XML, JSON, TXT…).
       • Can suspend and resume a scan or an attack (session mechanism using sqlite3 databases).
       • Can give you colors in the terminal to highlight vulnerabilities.
       • Different levels of verbosity.
       • Fast and easy way to activate/deactivate attack modules.
       • Adding a payload can be as easy as adding a line to a text file.
     Browsing features
       • Support HTTP, HTTPS, and SOCKS5 proxies.
       • Authentication on the target via several methods: Basic, Digest, Kerberos or NTLM.
       • Ability to restrain the scope of the scan (domain, folder, page, url).
       • Automatic removal of one or more parameters in URLs.
       • Multiple safeguards against scan endless-loops (for example, limit of values for a parameter).
       • Possibility to set the first URLs to explore (even if not in scope).
       • Can exclude some URLs of the scan and attacks (eg: logout URL).
       • Import of cookies (get them with the wapiti-getcookie tool).
       • Can activate / deactivate SSL certificates verification.
       • Extract URLs from Flash SWF files.
       • Try to extract URLs from javascript (very basic JS interpreter).
       • HTML5 aware (understand recent HTML tags).
       • Several options to control the crawler behavior and limits.
       • Skipping some parameter names during attack.
       • Setting a maximum time for the scan process.
       • Adding some custom HTTP headers or setting a custom User-Agent.
     Supported attacks
       • Database Injection (PHP/ASP/JSP SQL Injections and XPath Injections)
       • Cross Site Scripting (XSS) reflected and permanent
       • File disclosure detection (local and remote include, require, fopen, readfile…)
       • Command Execution detection (eval(), system(), passthru()…)
       • XXE (Xml eXternal Entity) injection
       • CRLF Injection
       • Search for potentially dangerous files on the server (thanks to the Nikto db)
       • Bypass of weak htaccess configurations
       • Search for copies (backup) of scripts on the server
       • Shellshock
       • DirBuster like
     Wapiti supports both GET and POST HTTP methods for attacks. It also supports multipart and can inject payloads in filenames (upload). Display a warning when an anomaly is found (for example 500 errors and timeouts). Makes the difference between permanent and reflected XSS vulnerabilities.
     Module names
     The aforementioned attacks are tied to the following module names:
       • backup (Search for copies and scripts)
       • blindsql (SQL injection vulnerabilities detected with time-based methodology)
       • buster (DirBuster like a module)
       • crlf (CR-LF injection in HTTP headers)
       • delay (Not an attack module, prints the 10 slowest to load web pages of the target)
       • exec (Code execution or command injection)
       • file (Path traversal, file inclusion, and XXE)
       • htaccess (Misconfigured htaccess restrictions)
       • nikto (Look for known vulnerabilities by testing URL existence and checking responses)
       • permanent XSS (Rescan the whole target after the xss module execution looking for previously tainted payloads)
       • shellshock (Test Shellshock attack, see [Hidden Content] )
       • sql (Error-based SQL injection detection)
       • xss (XSS injection module)
     Changelog v3.0.5
       • SQL: boolean based blind SQL injection support added
       • Report: added CSV as output format
       • Cookie: you can drop cookies from HTTP responses with --drop-set-cookie
       • Cookie: you can load cookies from your browser with -c <chrome or firefox>
       • Session: fixed an issue that might cause URLs being rescanned when resuming a session
       • CMS: New modules to detect versions and installed modules for WordPress and Drupal
       • Fingerprinting: several issues fixed on mod_wapp
       • Crawler: HTTP requests are processed concurrently for faster crawling. Check the new --tasks option.
  6. Description
     In order to assess—and ultimately, decrease—an organization’s risk, IT security professionals must first evaluate and reduce existing vulnerabilities. If you’re working to strengthen network security at your organization, it’s essential to have a solid grasp of the processes, methodologies, and tools needed to assess vulnerabilities. In this course, security expert Lisa Bock takes a deep dive into the topic of vulnerability scanning, covering what you need to know to find and address weaknesses that attackers might exploit. Lisa goes over the basics of managing organizational risk, discusses vulnerability analysis methodologies, and shows how to work with vulnerability assessment tools, including Nikto and OpenVAS. Plus, she shares tools and strategies for defending the LAN. Lisa also includes challenge chapters to test your knowledge of each section, along with solutions videos for each challenge.
     Note: The Ethical Hacking series maps to the 20 parts of the EC-Council Certified Ethical Hacker (CEH) exam (312-50) version 11.
     Topics include:
       • Common causes of vulnerabilities
       • Identifying and assessing vulnerabilities
       • The Common Vulnerability Scoring System (CVSS)
       • Outsourcing vulnerability analysis
       • Leveraging Nikto and other vulnerability assessment tools
       • Securing mobile devices
       • Defending the LAN
  7. WPrecon (WordPress Recon)
     Wprecon (WordPress Recon), is a vulnerability recognition tool in CMS WordPress, 100% developed in Go.
     Features
       • Detection WAF
       • Fuzzing Backup Files
       • Fuzzing Passwords
       • Random User-Agent
       • Plugin(s) Enumerator
       • Theme(s) Enumerator
       • Scripts
       • Tor Proxy
       • User(s) Enumerator
       • Vulnerability Version Checking (Beta)
     Changelog v1.6.2 alpha
       • bug fix
  8. Gaidaros
     Gaidaros is designed to be a fast and simple open-source vulnerability security scanner and penetration testing tool concentrating on Apache Web Server. The tool follows the rule of pentesting checklist that automates the process of detecting and exploiting the target Web Server and its Web Applications’ vulnerabilities, also helps minimizing the time and effort of anyone looking forward to pentest a particular Web Server, and finally providing well-designed afterward reports. It comes with a powerful detection engine, numerous niche features for the ultimate penetration tester.
     Gaidaros specializes in the Reconnaissance Phase with the help of OSINT Framework and gets the most out of it. This tool, by any means, is not recommended to be a replacement for pentesters, it can only be recommended to be used as a versatile quick scanner and a helpful time-saver. All you need is the target url, and you are ready to go.
     Features
       • Full Reconnaissance
       • Apache Vuln Scanner
       • Common Web Application Vuln Scanner
       • OWASP Scanner
       • Post-scan Reporting
  9. WPrecon (WordPress Recon)
     Wprecon (WordPress Recon), is a vulnerability recognition tool in CMS WordPress, 100% developed in Go.
     Features
       • Detection WAF
       • Fuzzing Backup Files
       • Fuzzing Passwords
       • Random User-Agent
       • Plugin(s) Enumerator
       • Theme(s) Enumerator
       • Scripts
       • Tor Proxy
       • User(s) Enumerator
       • Vulnerability Version Checking (Beta)
     Changelog v1.0 alpha
     New:
       • Scripts in LUA
       • Vuln Scan (Beta)
       • Passive Mode User(s) Enumeration
       • Aggressive Mode User(s) Enumeration
       • Passive Mode Plugin(s) Enumeration
       • Aggressive Mode Plugin(s) Enumeration
       • Passive Mode Theme(s) Enumeration
       • Aggressive Mode Theme(s) Enumeration
       • Auto Finding Important File(s)
  10. Wprecon (WordPress Recon), is a vulnerability recognition tool in CMS WordPress, 100% developed in Go.
      Features
        • Random Agent
        • Detection WAF
        • User Enumerator
        • Plugin Scanner
        • Theme Scanner
        • Tor Proxy’s
        • Detection Honeypot
        • Vulnerability Scanner
        • Admin Finder
  11. Sub 404 is a tool written in Python which is used to check the possibility of subdomain takeover vulnerability, and it is fast as it is asynchronous.
      Why
      During the recon process, you might get a lot of subdomains (e.g. more than 10k). It is not possible to test each manually or with traditional requests or the urllib method as it is very slow. Using Sub 404 you can automate this task in a much faster way. Sub 404 uses aiohttp/asyncio which makes this tool asynchronous and faster.
      How it works
      Sub 404 uses a subdomains list from a text file and checks for URLs with a 404 Not Found status code; in addition, it fetches the CNAME (Canonical Name) and removes those URLs which have the target domain name in the CNAME. It also combines results from subfinder and sublist3r (subdomain enumeration tools) if you don’t have target subdomains, as two is better than one. But for this, the sublist3r and subfinder tools must be installed on your system. Sub 404 is able to check 7K subdomains in less than 5 minutes.
      Key Features:
        • Fast (as it is asynchronous)
        • Uses two more tools to increase efficiency
        • Saves result in a text file for future reference
        • Umm that’s it, nothing much!
  12. Why would you use Scant3r? Scant3r scans all URLs with multiple HTTP methods and tries to look for bugs with basic exploits such as XSS - SQLI - RCE - CRLF - SSTI from headers and URL parameters. By chaining waybackurls or gau with Scant3r you will have more time to look into functions and get easy bugs on the way :)
      OS Support: Linux, Android, Windows
  13. A high performance FortiGate SSL-VPN vulnerability scanning and exploitation tool.
      Requirements
      Tested with Parrot & Debian Operating Systems and Windows 10
  14. A fast tool to scan CRLF vulnerability written in Go
      Changelog v1.2
        • Bump to 1.2.0
        • Update default concurrency to 25 (depends on escape lists)
        • Trim double-quoted string safely escaped URLs
        • Add escape lists
  15. Features
        • Support url encoding bypass
        • Support unicode encoding of HTML tag attribute value to bypass
        • Support HTML encoding to bypass the HTML tag attribute value
        • Support for flexible replacement of () '" to bypass
        • Case bypass
  16. Introduction
      WPScan is a free and automated black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their sites. You can use it to remotely scan WordPress installations, to find vulnerabilities within the core version, plugins, and themes. It’s maintained by the WPScan Team.
  17. FinDOM-XSS is a tool that allows you to find possible and/or potential DOM based XSS vulnerabilities in a fast manner.
  18. Trishul
      Trishul is an automated vulnerability finding Burp Extension. Built with Jython, it supports real-time vulnerability detection in multiple requests with user-friendly output. This tool was made to supplement testing where results have to be found in a limited amount of time. Currently, the tool supports finding Cross-Site Scripting, SQL Injections, and Server-Side Template Injections. More vulnerabilities would be added in the later versions.
      Configurations
      There are a couple of configurations available for a user to use Trishul. To view these configurations, head over to Trishul and view the config tab in the bottom left of the pane. Here is the list of options available:
        • Intercept Button: With Intercept Button set to On, the tool will perform a test on all requests flowing to the website added in Scope. This button is restricted to scope as it is not feasible to test all the requests flowing to Burp from multiple domains. This would affect the performance.
        • Auto-Scroll: With Auto-Scroll checked, the tool will scroll automatically to the last tested request. This option is feasible when testing a huge domain with Intercept turned on such that scrolling shouldn’t be a tough job.
        • Detect XSS, SQLi, SSTI: These checkboxes are added if any user wants to only test for a specific vulnerability and wants to omit other test cases. Used to obtain much faster results for a specific request.
        • Blind XSS: This textbox is added for users who want to append their Blind XSS Payload for every parameter in a request. To use this, enter your Blind XSS payload (singular) in the text box and click on the Blind XSS Checkbox. Now, for every request passing through Trishul, the value of all parameters in the request would be replaced with the Blind XSS payload.
      Interpreting Results
      For every result, Trishul displays one of the three options for each of the vulnerabilities tested:
        • Found: The vulnerability was successfully detected for the Request parameters.
        • Not Found: The vulnerability was not present in the Request parameters.
        • Possible! Check Manually: The vulnerability may be present. The tester has to reconfirm the finding.
      The test for these vulnerabilities depends on the parameters in the request. If the request has no parameters, Trishul would not process this request and would show Not Found in all of the vulnerabilities. If any of the Found/Possible! Check Manually results is seen under the vulnerability class for the specific request, the user has to click the result to see the vulnerable parameter displayed under the Vulnerability class in the Issues Tab in the bottom left. The user then has to select the parameter displayed under the Vulnerability class and the description for that parameter would be shown to him. The user can then view the Request and Response which was sent from Trishul to determine the vulnerability.
      On clicking the Highlighted Response Tab, you will be shown the highlighted text for some of the vulnerability classes, for example payload reflection for Cross-Site Scripting or Error Based SQLi text shown in the response. The Highlighted Response tab was added as there was no option in the Burp API to highlight the response text in Burp’s MessageEditor Tab.
  19. lorsrf
      Bruteforcing on hidden parameters to find SSRF vulnerability using GET and POST methods.
  20. Additions:
        • MkCheck - MikroTik Router Exploitation Framework.
        • RouterSploit - Network Router Exploitation Framework.
        • XSStrike - Cross Site Scripting detection suite.
        • HoneyTel - TelNet-IoT-HoneyPot used to analyze collected botnet payloads.
        • ACLight2 - Used to discover Shadow Admin accounts on an exploited system.
        • SMBGhost - Now has a scanner, as well as an exploitative option.
      Overview
      Sifter is an OSINT, recon & vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the 'blue' vulnerabilities within Microsoft and, if unpatched, exploit them. It uses tools like blackwidow and konan for webdir enumeration and attack surface mapping rapidly using ASM.
      Gathered info is saved to the results folder; these output files can be easily parsed over to TigerShark in order to be utilised within your campaign, or compiled for a final report to wrap up a penetration test.
  21. FazScan is a Perl program to do some vulnerability scanning and pentesting. This program has 18 ultimate options.
      FazScan, Program for Vulnerability Scanning and Pentesting
      Options Available:
        1. SQL Injection Pentester
        2. Common SQLi Vulnerability Scanner
        3. Advanced SQLi Vulnerability Scanner
        4. Common Web Vulnerability Scanner
        5. Automated CMS Detector
        6. Web CMS WordPress Vulnerability Scanner
        7. Web CMS Magento Vulnerability Scanner
        8. Web CMS Joomla Vulnerability Scanner
        9. Web CMS Lokomedia Vulnerability Scanner
        10. Web CMS Drupal Vulnerability Scanner + Shell Uploader
        11. Web Information Gathering Kit Update's New Feature [18 Options]
        12. CloudFlare WAF Protection Bypasser Update's New Feature
        13. Dork Scanner
        14. Automated Open Port Scanner
        15. Denial of Service Attack
        16. Admin Page Detector (7475 Pages Will be Scanned)
        17. About the Programmer
        18. Exit the Program
  22. BlackDir-Framework
        [1] Spider Directories
        [2] Find Sub Domain
        [3] Advanced Dorks Search
        [4] Scan list of Dorks
        [5] Scan WebSites [Xss,Sql]
        [6] Reverse Ip Lookup
        [7] Port Scan
  23. FinDOM-XSS
      FinDOM-XSS is a tool that allows you to find possible and/or potential DOM-based XSS vulnerabilities in a fast manner.
  24. Tentacle is a POC vulnerability verification and exploit framework. It supports free extension of exploits and uses POC scripts. It supports calls to zoomeye, fofa, shodan and other APIs to perform bulk vulnerability verification for multiple targets.
  25. Options Available:
        1. SQL Injection Pentester
        2. Common SQLi Vulnerability Scanner
        3. Advanced SQLi Vulnerability Scanner
        4. Common Web Vulnerability Scanner
        5. Automated CMS Detector
        6. Web CMS WordPress Vulnerability Scanner
        7. Web CMS Magento Vulnerability Scanner
        8. Web CMS Joomla Vulnerability Scanner
        9. Web CMS Lokomedia Vulnerability Scanner
        10. Web CMS Drupal Vulnerability Scanner + Shell Uploader
        11. Web Information Gathering Kit Update's New Feature [18 Options]
        12. CloudFlare WAF Protection Bypasser Update's New Feature
        13. Dork Scanner
        14. Automated Open Port Scanner
        15. Denial of Service Attack
        16. Admin Page Detector (7475 Pages Will be Scanned)
        17. About the Programmer
        18. Exit the Program