Search the Community

Showing results for tags 'web'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Cracking Zone
    • Cracking Accounts
    • Reverse Engineering
  • Security & Anonymity
    • Security
    • Wireless Security
    • Web Security
    • Anonymity
  • Operating Systems | Hardware | Programs
    • Operating systems
    • Hardware
    • PC programs
    • iOS
    • Android
    • Windows Phone
  • Graphic Design
    • Graphic Design
  • vBCms Comments
  • live stream tv
    • live stream tv
  • Marketplace
    • Sell
    • Services
    • Request
  • Premium Accounts
    • Accounts
  • Modders Section
    • Source Codes
    • Manuals | Videos
    • Tools
    • Others
  • PRIV8-Section
    • Exploits
    • Accounts|Dumps
    • Crypter|Binder|Bots
    • Tutorials|Videos
    • Cracked Tools
    • Make Money
    • More Tools
    • Databeses
    • Ebooks
  • Cracking Zone PRIV8
    • Cracking Accounts
    • Reverse Engineering
    • Cracker Preview Area
  • Carding Zone PRIV8
    • Carding
    • Phishing
    • Defacing
    • Doxing
    • Special User Premium Preview Area


There are no results to display.

There are no results to display.

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start








Found 93 results

  1. WhatWaf is an advanced firewall detection tool whose goal is to give you the idea of “There’s a WAF?”. WhatWaf works by detecting a firewall on a web application and attempting to detect a bypass (or two) for said firewall, on the specified target. Features Ability to run on a single URL with the -u/--url flag Ability to run through a list of URL’s with the -l/--list flag Ability to detect over 40 different firewalls Ability to try over 20 different tampering techniques Ability to pass your own payloads either from a file, from the terminal, or use the default payloads Default payloads that are guaranteed to produce at least one WAF triggering Ability to bypass firewalls using both SQLi techniques and cross-site scripting techniques Ability to run behind multiple proxy types (socks4, socks5, http, https, and Tor) Ability to use a random user agent, personal user agent, or custom default user agent Auto-assign protocol to HTTP or ability to force protocol to HTTPS A built-in encoder so you can encode your payloads into the discovered bypasses More to come… [Hidden Content]
  2. Konan is an advanced open source tool designed to brute force directories and files names on web/application servers. Support Platforms Linux Windows MacOSX [HIDE][Hidden Content]]
  3. itsMe

    Quarantyne - Modern Web Firewall

    Quarantyne - Modern Web Firewall: Stop Account Takeovers, Weak Passwords, Cloud IPs, DoS Attacks, Disposable Emails Automated web security made simple Quarantyne is a reverse-proxy that protects web applications and APIs from fraudulent behavior, misuse, bots and cyber-attacks in real-time. Requirements Java 8 Presentation Quarantyne is a reverse-proxy written in java. It fronts a web application or API and protects it from fraudulent behavior, misuse, bots and cyber-attacks. It cannot stop them all, but it will definitely make it harder and more expensive to perform. It's like a firewall but smarter, because it does not just block traffic because the user-agent is not in a whitelist. Quarantyne also performs deep request inspection to detect if, for example, the password used has been compromised before, or if the email is disposable, with minimal configuration and no changes in your application. Our coverage section precisely lists what Quarantyne can identify. Features Wide coverage of common HTTP threats and misuse See coverage for a complete list of the threats and misuse Quarantyne can identify and stop. Deep traffic analysis Quarantyne performs deep inspection of web traffic going to your application to verify that the data being sent is not compromised or junk. Generic integration Quarantyne adds extra HTTP headers to the request it proxies to your service. For example, an HTTP request coming from AWS will bear the following headers: X-Quarantyne-Labels: PCX X-Quarantyne-RequestId: 08a0e31a-f1a5-4660-9316-0fdf5d2a959d Active protection Quarantyne can be configured to stop malicious requests from reaching your servers, avoiding wasting computing/DB/cache resources, metrics skew, junk data... See (Passive vs Active)[#passivevsactive]. Metrics & health reporting Quarantyne binds to an internal adminPort, where metrics (latencies, success rate...) as well as the health of the proxy are reported. Privacy friendly / GDPR compliance Quarantyne is offline software. It runs inside your private network and does not communicate over the Internet with anyone to share data about your traffic, your business, or your users. Ops Friendly. Single jar with 0 dependencies. Metrics are available on [proxyHost]:[adminPort]/metrics. Service health is available on [proxyHost]:[adminPort]/health [HIDE][Hidden Content]]
  4. Evolution: It is quite a fuss for a pentester to perform binge-tool-scanning (running security scanning tools one after the other) sans automation. Unless you are a pro at automating stuff, it is a herculean task to perform binge-scan for each and every engagement. The ultimate goal of this program is to solve this problem through automation; viz. running multiple scanning tools to discover vulnerabilities, effectively judge false-positives, collectively correlate results and saves precious time; all these under one roof. Enter RapidScan. Features one-step installation. executes a multitude of security scanning tools, does other custom coded checks and prints the results spontaneously. some of the tools include nmap, dnsrecon, wafw00f, uniscan, sslyze, fierce, lbd, theharvester, dnswalk, golismero etc executes under one entity. saves a lot of time, indeed a lot time!. checks for same vulnerabilities with multiple tools to help you zero-in on false positives effectively. legends to help you understand which tests may take longer time, so you can Ctrl+C to skip if needed. association with OWASP Top 10 2017 on the list of vulnerabilities discovered. (under development) critical, high, medium, low and informational classification of vulnerabilities. vulnerability definitions guides you what the vulnerability actually is and the threat it can pose. (under development) remediations tells you how to plug/fix the found vulnerability. (under development) executive summary gives you an overall context of the scan performed with critical, high, low and informational issues discovered. (under development) artificial intelligence to deploy tools automatically depending upon the issues found. for eg; automates the launch of wpscan and plecost tools when a wordpress installation is found. (under development) detailed comprehensive report in a portable document format (*.pdf) with complete details of the scans and tools used. (under development) FYI: program is still under development, works and currently supports 80 vulnerability tests. parallel processing is not yet implemented, may be coded as more tests gets introduced. Vulnerability Checks DNS/HTTP Load Balancers & Web Application Firewalls. Checks for Joomla, WordPress and Drupal SSL related Vulnerabilities (HEARTBLEED, FREAK, POODLE, CCS Injection, LOGJAM, OCSP Stapling). Commonly Opened Ports. DNS Zone Transfers using multiple tools (Fierce, DNSWalk, DNSRecon, DNSEnum). Sub-Domains Brute Forcing. Open Directory/File Brute Forcing. Shallow XSS, SQLi and BSQLi Banners. Slow-Loris DoS Attack, LFI (Local File Inclusion), RFI (Remote File Inclusion) & RCE (Remote Code Execution). & more coming up... Requirements Python 2.7 Kali OS (Preferred, as it is shipped with almost all the tools) For other OS flavours, working on a docker support. Hang on. [Hidden Content]
  5. About WhatWeb WhatWeb identifies websites. Its goal is to answer the question, "What is that Website?". WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognise something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more. WhatWeb can be stealthy and fast, or thorough but slow. WhatWeb supports an aggression level to control the trade off between speed and reliability. When you visit a website in your browser, the transaction includes many hints of what web technologies are powering that website. Sometimes a single webpage visit contains enough information to identify a website but when it does not, WhatWeb can interrogate the website further. The default level of aggression, called 'stealthy', is the fastest and requires only one HTTP request of a website. This is suitable for scanning public websites. More aggressive modes were developed for use in penetration tests. Most WhatWeb plugins are thorough and recognise a range of cues from subtle to obvious. For example, most WordPress websites can be identified by the meta HTML tag, e.g. '', but a minority of WordPress websites remove this identifying tag but this does not thwart WhatWeb. The WordPress WhatWeb plugin has over 15 tests, which include checking the favicon, default installation files, login pages, and checking for "/wp-content/" within relative links. Features Over 1800 plugins Control the trade off between speed/stealth and reliability Performance tuning. Control how many websites to scan concurrently. Multiple log formats: Brief (greppable), Verbose (human readable), XML, JSON, MagicTree, RubyObject, MongoDB, ElasticSearch, SQL. Proxy support including TOR Custom HTTP headers Basic HTTP authentication Control over webpage redirection IP address ranges Fuzzy matching Result certainty awareness Custom plugins defined on the command line IDN (International Domain Name) support [HIDE][Hidden Content]]
  6. Web Data Extractor Pro is a powerful and easy-to-use application which helps you automatically extract specific information from web pages. Main Features: Completely new powerful spidering engine Completely reworked UI - slick & sexy Pro version of WDE doesn't have any limits - feel free to process thousands of sites, gigabytes of data Extremely fast search and accuracy Extract any data you want by Custom data extraction Support of working with proxy servers' list New session management allows you manage huge amount of data Brand new simplified user interface Unicode support [HIDE][Hidden Content]]
  7. itsMe

    WYSIWYG Web Builder 14.4.0

    [Hidden Content] Features WYSIWYG Web Builder has tools for both beginners and professional designers/developers. Responsive Web Design Built-in support for layout grid, flexbox, css grid or fixed layouts with breakpoints Web Fonts Easily add Google Fonts and other Web Fonts to your website. Animations Add amazing pre made animations and transitions or create your own animations. More than 150 pre-defined animations are included. Pre-made Blocks Use pre-made blocks to quickly get started. More than 150 blocks are available! Forms Tools Send Emails, Upload Files, Store Data in MySQL or CSV, Auto Responder, Password Protect Pages, Form Validation, Conditons/Calculations Images & Media Image filters, shapes, galleries, carousels, lightboxes, rollover animations, YouTube, Vimeo, HTML5 Video/Audio Icon Libaries Support for Font Awesome, Material Icons and many other icon libraries Navigation Navigation buttons, drop down menus, fullscreen menu, mega menu, panel menu, breadcrumb, pagination and much more! Extensions Hundreds of extensions to add extra functionality to the software. Including slideshows, navigation, audio/video, webshops, data viewers etc. [HIDE][Hidden Content]]
  8. web service and api attack examples and demonstration. [HIDE][Hidden Content]]
  9. GAT-Ship Web Module versions 1.30 and below suffer from an information disclosure vulnerability. View the full article
  10. is a toolkit for validating, forging and cracking JWTs (JSON Web Tokens). Its functionality includes: Checking the validity of a token Testing for the RS/HS256 public key mismatch vulnerability Testing for the alg=None signature-bypass vulnerability Testing the validity of a secret/key/key file Identifying weak keys via a High-speed Dictionary Attack Forging new token header and payload values and creating a new signature with the key or via another attack method [HIDE][Hidden Content]]
  11. Xitami Web Server version 2.5 remote SEH buffer overflow exploit with egghunter. View the full article
  12. Web Crawler, Scanner, and Analyzer Framework (Shell-Script based) Bashter is a tool for scanning a Web-based Application. Bashter is very suitable for doing Bug Bounty or Penentration Testing. It is designed like a framework so you can easily add a script for detect vulnerability. [HIDE][Hidden Content]]
  13. CentOS Web Panel versions (Free), (Pro), and (Pro) suffer from a domain field (Add DNS Zone) cross site scripting vulnerability. View the full article
  14. itsMe

    Antenna Web Design Studio 6.61

    Design great looking web sites rapidly with Antenna, powerful web design software. Create a professional web site to promote yourself or your company. Publish your site online or distribute as an interactive CV. Be seen - make a good impression - get noticed! You can create your own web pages and digital photo galleries in minutes, without any HTML knowledge. Antenna's powerful editor is entirely visual, giving you pixel accurate control. Wherever you drag & drop text, pictures, buttons, animation and movies on the page, that's exactly where they will appear in the web browser. With Dual Layout Responsive you can cater for desktop and mobile too. When you are ready to publish your site, you won't need to buy any additional software - Antenna has its own publisher built in, and can publish changes only, updating your site very quickly. You can also design smooth gradient backgrounds and attractive glossy buttons without switching between applications - it's all built in! Give yourself a competitive edge and dip your toes into the international scene at any time - make any part of your web site multilingual. And if you need a hand there's free online tutorials, expert tips, a comprehensive illustrated user guide & free tech support. [Hidden Content] [HIDE][Hidden Content]]
  15. zeebsploit is a tool for hacking searching for web information and scanning vulnerabilities of a web [HIDE][Hidden Content]]
  16. Turn Android Device into a Web Server ✅Following are the steps: [Hidden Content]
  17. CentOS Web Panel versions (Free) and (Pro) suffer from an email field persistent cross site scripting vulnerability. View the full article
  18. SN1PER WEB VULNERABILITY SCANNING TOOL Sn1per is a vulnerability scanner that is ideal for penetration testing when scanning for vulnerabilities. The team behind the software, which is easily loaded into Kali Linux, have a free (community version) and a paid plan as well. Steps For Installation (LINUX ON TERMINAL) 1. git clone [hide][Hidden Content]] 2. cd Sn1per 3. chmod +x 4. ./
  19. CentOS Web Panel version suffers from a persistent cross site scripting vulnerability. View the full article
  20. dEEpEst


    [Hidden Content]
  21. Matri4Web Matrimony Web Script suffers from multiple remote SQL injection vulnerabilities. View the full article
  22. dEEpEst

    Web Vulnerability Scanners

    [Hidden Content]
  23. Vembu Storegrid Web Interface version 4.4.0 suffers from cross site scripting and information leakage vulnerabilities. View the full article